Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python requests 2.3.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32681
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTT...
Python Requests
Fedoraproject Fedora 37
4 Github repositories
6.8
CVSSv2
CVE-2015-2296
The resolve_redirects function in sessions.py in requests 2.1.0 up to and including 2.5.3 allows remote malicious users to conduct session fixation attacks via a cookie without a host value in a redirect.
Mageia Project Mageia 4.0
Python Requests 2.1.0
Python Requests 2.2.1
Python Requests 2.3.0
Python Requests 2.4.1
Python Requests 2.4.3
Python Requests 2.5.0
Python Requests 2.5.1
Python Requests 2.5.2
Python Requests 2.4.0
Python Requests 2.4.2
Python Requests 2.5.3
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
5
CVSSv2
CVE-2014-1829
Requests (aka python-requests) prior to 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
Debian Debian Linux 7.0
Python Requests
Canonical Ubuntu Linux 14.04
Mageia Mageia 4.0
5
CVSSv2
CVE-2014-1830
Requests (aka python-requests) prior to 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
Opensuse Opensuse 13.1
Python Requests
6.4
CVSSv2
CVE-2008-4099
PyDNS (aka python-dns) prior to 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote malicious users to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Debian Python-dns 2.3.0-2
Debian Python-dns 2.3.0-1
Debian Python-dns
Debian Python-dns 2.3.1-2
Debian Python-dns 2.3.1-1
Debian Python-dns 2.3.0-5.1
Debian Python-dns 2.3.0-4
Debian Python-dns 2.3.0-6
Debian Python-dns 2.3.0-5
Debian Python-dns 2.3.0-3
6.4
CVSSv2
CVE-2008-4126
PyDNS (aka python-dns) prior to 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote malicious users to spoof DNS responses, a different vulnerability than CVE-2008-...
Debian Python-dns 2.3.0-1
Debian Python-dns
Debian Python-dns 2.3.1-3
Debian Python-dns 2.3.0-5
Debian Python-dns 2.3.0-3
Debian Python-dns 2.3.1-2
Debian Python-dns 2.3.1-1
Debian Python-dns 2.3.0-6
Debian Python-dns 2.3.0-5.1
Debian Python-dns 2.3.0-4
Debian Python-dns 2.3.0-2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started