Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Python 信任管理问题漏洞
Vulnerability Description
Requests package for Python是一款基于Python的开源HTTP库。 Requests package for Python 2.19.1及之前版本(2018-09-14之前发布)中存在安全漏洞,该漏洞源于程序在接收到从https转换到http的重定向请求(带有相同主机名)时,会将HTTP Authorization包头发送到http URI。远程攻击者可通过嗅探网络利用该漏洞获取凭证。
CVSS Information
N/A
Vulnerability Type
N/A