oss-sec mailing list archives
python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure on redirect
From: Jakub Wilk <jwilk () debian org>
Date: Fri, 19 Sep 2014 22:10:01 +0200
FYI: a while ago python-requests 2.3.0 was released, with the following bugfix:
* No longer expose Authorization or Proxy-Authorization headers on redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively.
References:
https://bugs.debian.org/733108
https://github.com/kennethreitz/requests/issues/1885
https://bugzilla.redhat.com/show_bug.cgi?id=1046626

-- 
Jakub Wilk
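The behaviour named in the changelog entry, as an added example that is not part of the original message and is not python-requests' own code: a redirect-following client decides which headers may be forwarded to the redirect target. The function names, the sample URLs and the same-origin policy are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# The two headers named in the 2.3.0 changelog entry (compared case-insensitively).
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(original_url, redirect_url, headers):
    """Return a copy of headers that is safe to send to redirect_url.

    Assumed policy for this example: credential headers survive only when
    the redirect keeps the same scheme, host and port. A change of host,
    a port change, or an https -> http downgrade drops them.
    """
    if origin(original_url) == origin(redirect_url):
        return dict(headers)
    return {
        name: value
        for name, value in headers.items()
        if name.lower() not in CREDENTIAL_HEADERS
    }


# Constructed sample headers; the credential is the string "example:example".
SAMPLE_HEADERS = {
    "Authorization": "Basic ZXhhbXBsZTpleGFtcGxl",
    "Proxy-Authorization": "Basic ZXhhbXBsZTpleGFtcGxl",
    "Accept": "*/*",
}

if __name__ == "__main__":
    start = "https://api.example.test/login"
    for target in ("https://api.example.test/home",     # same origin
                   "https://other.example.test/home",   # different host
                   "http://api.example.test/home"):     # scheme downgrade
        kept = sorted(headers_for_redirect(start, target, SAMPLE_HEADERS))
        print(target, "->", kept)
```

The same function can serve as a regression check for any client that follows redirects itself: compare the headers actually sent on the second request against what `headers_for_redirect` returns.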