PT-2014-4318 · Python+1 · Requests+1

Published

2014-09-19

·

Updated

2024-06-15

·

CVE-2014-1829

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Requests (aka python-requests) versions prior to 2.3.0
Description The issue allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-1829
DSA-3146-1
GHSA-CFJ3-7X9C-4P3H
MGASA-2014-0409
OPENSUSE-SU-2024:10125-1
OPENSUSE-SU-2024:10482-1
OPENSUSE-SU-2024:11266-1
OPENSUSE-SU-2024:13999-1
PYSEC-2014-13
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
USN-2382-1

Affected Products

Requests
Ubuntu