Skip to content

update Requests Library >=2.20.0 #1064

New issue
New issue
Closed
Closed
update Requests Library >=2.20.0#1064
Assignees
allmightyspiff
Labels
CoreIssues dealing with core functionality
@allmightyspiff

Description

@allmightyspiff
allmightyspiff
opened on Oct 30, 2018

https://nvd.nist.gov/vuln/detail/CVE-2018-18074

CVE-2018-18074 More information
moderate severity
Vulnerable versions: <= 2.19.1
Patched version: 2.20.0
The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Metadata

Metadata

Assignees

Labels

CoreIssues dealing with core functionality

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions