Download
| Alert*
oval:org.secpod.oval:def:601813
python3-requests is installed oval:org.secpod.oval:def:89043822 python3-requests is installed oval:org.secpod.oval:def:601941 Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occured. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header , or ... oval:org.secpod.oval:def:52326 requests: elegant and simple HTTP library for Python Requests could be made to expose authentication credentials over the network. oval:org.secpod.oval:def:52423 requests: elegant and simple HTTP library for Python Requests could be made to expose cookies over the network. oval:org.secpod.oval:def:702260 requests: elegant and simple HTTP library for Python Requests could be made to expose authentication credentials over the network. oval:org.secpod.oval:def:702452 requests: elegant and simple HTTP library for Python Requests could be made to expose cookies over the network. oval:org.secpod.oval:def:704366 requests: elegant and simple HTTP library for Python Details: USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:51144 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:704348 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:91503 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information over the network. oval:org.secpod.oval:def:89049182 This update for python-requests fixes the following issues: * CVE-2023-32681: fixed unintended leak of Proxy-Authorization header . oval:org.secpod.oval:def:19500296 A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization head ... oval:org.secpod.oval:def:708233 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information over the network. oval:org.secpod.oval:def:507892 The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix: * python-requests: Unintended leak of Proxy-Authorization header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:507883 The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix: * python-requests: Unintended leak of Proxy-Authorization header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:89049119 This update for python-requests fixes the following issues: * CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header . oval:org.secpod.oval:def:89049083 This update for grpc, protobuf, python-Deprecated, python-PyGithub, python- aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, ... oval:org.secpod.oval:def:89051548 This update for python3-requests fixes the following issues: * CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header . oval:org.secpod.oval:def:89051929 This update for python-requests fixes the following issues: * CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` . oval:org.secpod.oval:def:3302545 Security update for python-requests |