Описание
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Third Party Advisory
- Issue Tracking
- Issue TrackingPatch
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Third Party Advisory
- Issue Tracking
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.2.1 (включая)
cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Конфигурация 4
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00495
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
ubuntu
больше 11 лет назад
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
redhat
около 12 лет назад
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
debian
больше 11 лет назад
Requests (aka python-requests) before 2.3.0 allows remote servers to o ...
CVSS3: 5.3
github
больше 3 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in Requests
EPSS
Процентиль: 65%
0.00495
Низкий
5 Medium
CVSS2
Дефекты
CWE-200