Search for packages
| purl | pkg:deb/debian/requests@0.12.1-1%2Bdeb7u1 |
| Next non-vulnerable version | 2.32.3+dfsg-5 |
| Latest non-vulnerable version | 2.32.3+dfsg-5 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3nqp-s5gu-aaae
Aliases: CVE-2023-32681 GHSA-j8r2-6x86-q33q PYSEC-2023-74 |
Unintended leak of Proxy-Authorization header in requests |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-c4ud-sqr9-aaae
Aliases: CVE-2018-18074 GHSA-x84v-xcm2-53pg PYSEC-2018-28 |
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-ck1f-qh2d-aaab
Aliases: CVE-2015-2296 GHSA-pg2w-x9wp-vw92 PYSEC-2015-17 |
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. |
Affected by 2 other vulnerabilities. |
|
VCID-kvms-7ss9-aaap
Aliases: CVE-2014-1829 GHSA-cfj3-7x9c-4p3h PYSEC-2014-13 |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. |
Affected by 2 other vulnerabilities. |
|
VCID-kx6u-xprg-aaar
Aliases: CVE-2014-1830 GHSA-652x-xj99-gmcc PYSEC-2014-14 |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T17:53:05.592114+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:11:01.719475+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:58:18.270470+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:36:50.660996+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:24:17.447141+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T08:26:33.922562+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | None | 36.1.3 |
| 2025-06-21T00:55:07.839253+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | None | 36.1.3 |
| 2025-06-20T22:24:06.792707+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | None | 36.1.3 |
| 2025-06-20T20:16:35.449365+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | None | 36.1.3 |
| 2025-06-20T19:48:50.436086+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | None | 36.1.3 |
| 2025-06-08T13:16:13.644315+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:24:53.121523+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:04:45.239302+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:08:37.735513+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:54:41.831370+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:46:34.752586+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T02:07:53.473941+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | None | 36.1.0 |
| 2025-06-07T18:17:29.197483+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | None | 36.1.0 |
| 2025-06-07T15:48:20.678702+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | None | 36.1.0 |
| 2025-06-07T13:56:19.992721+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | None | 36.1.0 |
| 2025-06-07T13:40:57.776428+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | None | 36.1.0 |
| 2025-04-12T22:35:03.572375+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:19:52.818762+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:33:54.724324+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:04:11.011359+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:06:01.029270+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:36:50.668665+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:39:35.417360+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:25:53.128719+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:17:37.864537+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T00:39:49.029078+00:00 | Debian Oval Importer | Affected by | VCID-3nqp-s5gu-aaae | None | 36.0.0 |
| 2025-04-07T16:55:00.371440+00:00 | Debian Oval Importer | Affected by | VCID-kx6u-xprg-aaar | None | 36.0.0 |
| 2025-04-07T14:19:07.539819+00:00 | Debian Oval Importer | Affected by | VCID-ck1f-qh2d-aaab | None | 36.0.0 |
| 2025-04-07T12:31:01.589007+00:00 | Debian Oval Importer | Affected by | VCID-c4ud-sqr9-aaae | None | 36.0.0 |
| 2025-04-07T12:16:17.219751+00:00 | Debian Oval Importer | Affected by | VCID-kvms-7ss9-aaap | None | 36.0.0 |