The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-requests": "2.2.1-1ubuntu0.4", "python-requests-whl": "2.2.1-1ubuntu0.4", "python3-requests": "2.2.1-1ubuntu0.4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-requests": "2.9.1-3ubuntu0.1", "python3-requests": "2.9.1-3ubuntu0.1" } ] }
{ "ubuntu_priority": "medium" }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-pip": "9.0.1-2.3~ubuntu1.18.04.2", "python-pip-whl": "9.0.1-2.3~ubuntu1.18.04.2", "python3-pip": "9.0.1-2.3~ubuntu1.18.04.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-requests": "2.18.4-2ubuntu0.1", "python3-requests": "2.18.4-2ubuntu0.1" } ] }