Your submission was sent successfully! Close

CVE-2014-1829

Published: 19 September 2014

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

Priority

Medium

Status

Package Release Status
requests
Launchpad, Ubuntu, Debian
Upstream
Released (2.3.0-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.3.0-1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.2.1-1ubuntu0.1)
Patches:
Upstream: https://github.com/kennethreitz/requests/commit/6d7e8a97bbefa287366bc5d0b0b8f789532e853a (bp)
Upstream: https://github.com/kennethreitz/requests/commit/f1893c835570d72823c970fbd6e0e42c13b1f0f2
Upstream: https://github.com/kennethreitz/requests/commit/f74f5e3ebf0943163cd21b93fb682f790277aa19