Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2024-35195

Medium priority

Some fixes available 1 of 16

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue...

2 affected packages

python-pip, requests

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
requests Ignored Ignored Ignored Ignored Ignored
Show less packages

CVE-2023-32681

Medium priority

Some fixes available 10 of 17

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the...

2 affected packages

python-pip, requests

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Vulnerable Fixed Needs evaluation Needs evaluation
requests Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2014-8650

Medium priority
Ignored

python-requests-Kerberos through 0.5 does not handle mutual authentication

1 affected packages

python-requests-kerberos

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-requests-kerberos Not affected Not affected
Show less packages

CVE-2018-18074

Medium priority

Some fixes available 15 of 16

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing...

2 affected packages

python-pip, requests

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Not affected Not affected Fixed Vulnerable
requests Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2015-2296

Medium priority
Fixed

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

1 affected packages

requests

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
requests
Show less packages

CVE-2014-1830

Medium priority

Some fixes available 1 of 2

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

1 affected packages

requests

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
requests Not affected
Show less packages

CVE-2014-1829

Medium priority

Some fixes available 1 of 2

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

1 affected packages

requests

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
requests Not affected
Show less packages