VulnerableCode Package Details - pkg:deb/ubuntu/requests@0.11.1-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-c4ud-sqr9-aaae Aliases: CVE-2018-18074 GHSA-x84v-xcm2-53pg PYSEC-2018-28	The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.	2.2.1-1ubuntu0.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.18.4-2ubuntu0.1 Affected by 0 other vulnerabilities.
VCID-ck1f-qh2d-aaab Aliases: CVE-2015-2296 GHSA-pg2w-x9wp-vw92 PYSEC-2015-17	The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.	2.2.1-1ubuntu0.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kvms-7ss9-aaap Aliases: CVE-2014-1829 GHSA-cfj3-7x9c-4p3h PYSEC-2014-13	Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.	2.2.1-1ubuntu0.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.3.0-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kx6u-xprg-aaar Aliases: CVE-2014-1830 GHSA-652x-xj99-gmcc PYSEC-2014-14	Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.	2.2.1-1ubuntu0.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.3.0-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-c4ud-sqr9-aaae
Aliases:
CVE-2018-18074
GHSA-x84v-xcm2-53pg
PYSEC-2018-28

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

2.2.1-1ubuntu0.4
Affected by 2 other vulnerabilities.

2.18.4-2ubuntu0.1
Affected by 0 other vulnerabilities.

VCID-ck1f-qh2d-aaab
Aliases:
CVE-2015-2296
GHSA-pg2w-x9wp-vw92
PYSEC-2015-17

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

2.2.1-1ubuntu0.2
Affected by 3 other vulnerabilities.

VCID-kvms-7ss9-aaap
Aliases:
CVE-2014-1829
GHSA-cfj3-7x9c-4p3h
PYSEC-2014-13

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

2.2.1-1ubuntu0.1
Affected by 2 other vulnerabilities.

2.3.0-1
Affected by 1 other vulnerability.

VCID-kx6u-xprg-aaar
Aliases:
CVE-2014-1830
GHSA-652x-xj99-gmcc
PYSEC-2014-14

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

2.2.1-1ubuntu0.1
Affected by 2 other vulnerabilities.

2.3.0-1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Next non-vulnerable version	2.18.4-2ubuntu0.1
Latest non-vulnerable version	2.18.4-2ubuntu0.1
Risk	4.0