View all vulnerabilities

CVE-2018-18074

Insufficiently Protected Credentials in Requests

The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Versions
requests < 2.20.0
Severity
High
Ecosystem
Python
Publish Date
October 29, 2018
Modified Date
October 21, 2024