GHSA-pg2w-x9wp-vw92
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pg2w-x9wp-vw92
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pg2w-x9wp-vw92/GHSA-pg2w-x9wp-vw92.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pg2w-x9wp-vw92
- Aliases
- Published
- 2022-05-13T01:11:23Z
- Modified
- 2024-02-17T05:34:43.472827Z
- Summary
- Python Requests Session Fixation
- Details
-
The
resolve_redirectsfunction in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. - References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-2296
- https://github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
- https://github.com/psf/requests
- https://warehouse.python.org/project/requests/2.6.0
- http://advisories.mageia.org/MGASA-2015-0120.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
- http://www.openwall.com/lists/oss-security/2015/03/14/4
- http://www.openwall.com/lists/oss-security/2015/03/15/1
- http://www.ubuntu.com/usn/USN-2531-1
Affected packages
PyPI / requests
Package
- Name
- requests
- View open source insights on deps.dev
- Purl
- pkg:pypi/requests