Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
CVE-2018-18074 (High) detected in requests-2.19.1-py2.py3-none-any.whl #2
CVE-2018-18074 - High Severity Vulnerability
Python HTTP for Humans.
Path to dependency file: /Book_evaluator/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_fd8f87ae-06e4-41b9-9bf9-1081dbeaee0f/20190423132825_44359/20190423132703_depth_0/requests-2.19.1-py2.py3-none-any
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Publish Date: 2018-10-09
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-10-09
Fix Resolution: 2.20.0
Step up your Open Source Security Game with WhiteSource here