vulnerability
FreeBSD: VID-50ad9a9a-1e28-11e9-98d7-0050562a4d7b: www/py-requests -- Information disclosure vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jan 22, 2019 | Jan 23, 2019 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jan 22, 2019
Added
Jan 23, 2019
Modified
Dec 10, 2025
Description
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Solutions
freebsd-upgrade-package-py27-requestsfreebsd-upgrade-package-py35-requestsfreebsd-upgrade-package-py36-requestsfreebsd-upgrade-package-py37-requests
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.