Описание
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 9.0.1-2.3~ubuntu1.18.04.2 |
| devel | not-affected | |
| esm-apps/bionic | released | 9.0.1-2.3~ubuntu1.18.04.2 |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/noble | not-affected | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | not-affected | |
| groovy | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.18.4-2ubuntu0.1 |
| cosmic | released | 2.18.4-2ubuntu0.18.10.1 |
| devel | released | 2.18.4-2ubuntu0.18.10.1 |
| esm-infra-legacy/trusty | not-affected | 2.2.1-1ubuntu0.4 |
| esm-infra/bionic | not-affected | 2.18.4-2ubuntu0.1 |
| esm-infra/focal | not-affected | 2.18.4-2ubuntu0.18.10.1 |
| esm-infra/xenial | not-affected | 2.9.1-3ubuntu0.1 |
| focal | released | 2.18.4-2ubuntu0.18.10.1 |
| groovy | released | 2.18.4-2ubuntu0.18.10.1 |
| hirsute | released | 2.18.4-2ubuntu0.18.10.1 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
The Requests package before 2.20.0 for Python sends an HTTP Authorizat ...
EPSS
5 Medium
CVSS2
7.5 High
CVSS3