ALAS2023-2023-236 --- python-requestsID: oval:org.secpod.oval:def:19500296 | Date: (C)2024-01-04 (M)2024-01-29 |
Class: PATCH | Family: unix |
A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component
Platform: |
Amazon Linux 2023 |
Product: |
python-requests |
python3-requests |