Launchpad CVE tracker

CVE 2018-18074

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Related bugs and status

CVE-2018-18074 (Candidate) is related to these bugs:

Bug #1801798: CVE-2018-18074: python-requests package may reveal credentials

Summary				In	Importance	Status
	1801798	CVE-2018-18074: python-requests package may reveal credentials		StarlingX	Low	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/req...
MISC: https://github.com/req...
MISC: https://github.com/req...
MISC: https://bugs.debian.or...
UBUNTU: USN-3790-1
CONFIRM: http://docs.python-req...
UBUNTU: USN-3790-2
SUSE: openSUSE-SU-2019:1754
REDHAT: RHSA-2019:2035
MISC: https://www.oracle.com...

Launchpad.net

CVE 2018-18074

Related bugs and status

Related bugs

References