The resolve_redirects function in sessions.py in requests 2.1.0 up to and including 2.5.3 allows remote malicious users to conduct session fixation attacks via a cookie without a host value in a redirect.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mageia project mageia 4.0 |
||
python requests 2.1.0 |
||
python requests 2.2.1 |
||
python requests 2.3.0 |
||
python requests 2.4.1 |
||
python requests 2.4.3 |
||
python requests 2.5.0 |
||
python requests 2.5.1 |
||
python requests 2.5.2 |
||
python requests 2.4.0 |
||
python requests 2.4.2 |
||
python requests 2.5.3 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |