Vulnerabilities

CVE-2018-18074

by Fred · 09/10/2018

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Date published : 2018-10-09

http://docs.python-requests.org/en/master/community/updates/#release-and-version-history

https://bugs.debian.org/910766

Similar

Tags: Cybersecurity Alert