VDB

PYSEC-2015-17

PYSEC-2015-17 PUBLISHED

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

Affected Products

VendorProductVersions
PyPIrequests2.1.0, 2.1.0, 2.2.0

Timeline

  • Mar 18, 2015 CVE Published
  • Nov 8, 2023 CVE Updated
  • May 1, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›