Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python requests vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-12781
An issue exists in Django 1.11 prior to 1.11.22, 2.1 prior to 2.1.10, and 2.2 prior to 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django....
Djangoproject Django
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
4.3
CVSSv2
CVE-2019-12308
An issue exists in Django 1.11 prior to 1.11.21, 2.1 prior to 2.1.9, and 2.2 prior to 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or...
Djangoproject Django
4.3
CVSSv2
CVE-2019-11236
In the urllib3 library up to and including 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
Python Urllib3
1 Github repository
5
CVSSv2
CVE-2019-6975
Django 1.11.x prior to 1.11.19, 2.0.x prior to 2.0.11, and 2.1.x prior to 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
Djangoproject Django
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Fedoraproject Fedora 28
Fedoraproject Fedora 29
3 Github repositories
5
CVSSv2
CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...
Python Urllib3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
5
CVSSv2
CVE-2018-18074
The Requests package prior to 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote malicious users to discover credentials by sniffing the network.
Python Requests
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
11 Github repositories
5
CVSSv2
CVE-2016-10561
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
Bitty Project Bitty 0.2.10
7.5
CVSSv2
CVE-2018-7749
The SSH server implementation of AsyncSSH prior to 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
Asyncssh Project Asyncssh
5
CVSSv2
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 prior to 2.0.2, and 1.11.8 and 1.11.9, allows remote malicious users to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether ...
Djangoproject Django 2.0.1
Djangoproject Django 1.11.9
Djangoproject Django 2.0
Djangoproject Django 1.11.8
Canonical Ubuntu Linux 17.10
4.3
CVSSv2
CVE-2017-12794
In Django 1.10.x prior to 1.10.8 and 1.11.x prior to 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most prod...
Djangoproject Django 1.10.1
Djangoproject Django 1.10.2
Djangoproject Django 1.11.0
Djangoproject Django 1.11.1
Djangoproject Django 1.10.3
Djangoproject Django 1.10.4
Djangoproject Django 1.11.4
Djangoproject Django 1.10.0
Djangoproject Django 1.10.7
Djangoproject Django 1.11.2
Djangoproject Django 1.11.3
Djangoproject Django 1.10.5
Djangoproject Django 1.10.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »