[Python-modules-team] Bug#910766: requests: CVE-2018-18074
Daniele Tricoli
eriol at mornie.org
Thu Oct 11 02:19:53 BST 2018
Hello Salvatore,
On 10/10/18 10:50 PM, Salvatore Bonaccorso wrote:
> The following vulnerability was published for requests.
>
> CVE-2018-18074[0]:
> | The Requests package through 2.19.1 before 2018-09-14 for Python sends
> | an HTTP Authorization header to an http URI upon receiving a
> | same-hostname https-to-http redirect, which makes it easier for remote
> | attackers to discover credentials by sniffing the network.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Many thanks for the report! I will work on this by the end of the week.
Kind regards,
--
Daniele Tricoli 'eriol'
https://mornie.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20181011/82c3e6ff/attachment.sig>
More information about the Python-modules-team
mailing list