PYSEC-2014-14 — Vulnetix

PYSEC-2014-14 PUBLISHED CVSS 8.699999809265137 HIGH

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	requests	0, 0.0.1, 0.10.0

Timeline

Oct 15, 2014 CVE Published
Nov 8, 2023 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

http://www.mandriva.com/security/advisories?name=MDVSA-2015:133 advisory
http://advisories.mageia.org/MGASA-2014-0409.html advisory
http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html url
https://github.com/advisories/GHSA-652x-xj99-gmcc advisory
https://github.com/kennethreitz/requests/issues/1885 discussion
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108 advisory
http://www.debian.org/security/2015/dsa-3146 advisory

Open in Interactive Console →