Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
References
Link | Resource |
---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108 | Issue Tracking |
https://github.com/kennethreitz/requests/issues/1885 | Patch Issue Tracking |
http://www.ubuntu.com/usn/USN-2382-1 | Third Party Advisory |
http://www.debian.org/security/2015/dsa-3146 | Third Party Advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:133 | Broken Link |
http://advisories.mageia.org/MGASA-2014-0409.html | Third Party Advisory |
Information
Published : 2014-10-15 07:55
Updated : 2016-08-30 10:11
NVD link : CVE-2014-1829
Mitre link : CVE-2014-1829
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
mageia
- mageia
python
- requests