PT-2014-4319 · Python+1 · Requests+1

Published

2014-09-19

·

Updated

2024-06-15

·

CVE-2014-1830

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Requests (aka python-requests) versions prior to 2.3.0
Description The issue allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-1830
DSA-3146-1
GHSA-652X-XJ99-GMCC
MGASA-2014-0409
OPENSUSE-SU-2024:10125-1
OPENSUSE-SU-2024:10482-1
PYSEC-2014-14
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
USN-2382-1

Affected Products

Requests
Ubuntu