AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0

requests: CVE-2018-18074 #1419

Closed by l2dy 5 years ago

l2dy commented 6 years ago

CVE IDs: CVE-2018-18074

Other security advisory IDs: USN-3790-1

Descriptions: Requests could be made to expose sensitive information if it received a specially crafted HTTP header.

Patches: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

PoC(s): https://github.com/requests/requests/issues/4716

Architectural progress:

MingcongBai commented 5 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/dcb21230de3e6f705a8a8be431003b347e5ac3d2. Closing.

l2dy commented 5 years ago

Use AOSA-2018-0428.