The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
mend-bolt-for-github (bot) changed the title from "CVE-2018-18074 (High) detected in requests-v2.19.1" to "CVE-2018-18074 (High) detected in requestsv2.21.0" on Sep 7, 2022
CVE-2018-18074 - High Severity Vulnerability
A simple, yet elegant HTTP library.
Library home page: https://github.com/kennethreitz/requests.git
Found in HEAD commit: 989085aee421ad91c5e038a0c5b86552fc4dcb71
Publish Date: 2018-10-09
URL: CVE-2018-18074
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-18074
Release Date: 2018-10-09
Fix Resolution: 2.20.0