PYSEC-2014-13
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2014-13.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2014-13
- Aliases
- Published
- 2014-10-15T14:55:00Z
- Modified
- 2023-11-01T05:29:50.277356Z
- Summary
- [none]
- Details
-
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
- References
-
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108
- https://github.com/kennethreitz/requests/issues/1885
- http://www.ubuntu.com/usn/USN-2382-1
- http://www.debian.org/security/2015/dsa-3146
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
- http://advisories.mageia.org/MGASA-2014-0409.html
- https://github.com/advisories/GHSA-cfj3-7x9c-4p3h
Affected packages
PyPI / requests
Package
- Name
- requests
- View open source insights on deps.dev
- Purl
- pkg:pypi/requests
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.0
Affected versions
0.*
0.0.1
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.6
0.10.7
0.10.8
0.11.1
0.11.2
0.12.0
0.12.01
0.12.1
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.13.9
0.14.0
0.14.1
0.14.2
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
2.*
2.0.0
2.0.1
2.1.0
2.2.0
2.2.1