Remediation
Upgrade requests to version 2.20.0 or later. For example:
requests>=2.20.0
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2018-18074
moderate severity
Vulnerable versions: <= 2.19.1
Patched version: 2.20.0
The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Requests uses semantic versioning.
Integration test passed running against DukeDS dev server.
This is to fix a vulnerability found by GitHub:
Fixes #218
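The advisory quoted above turns on one decision: whether the Authorization header may follow a redirect. The sketch below is an added example, not code from this pull request or from the Requests project; the function names, the `example.test` hosts and the token are constructed for illustration. It shows a redirect check that drops the header on a same-hostname https-to-http downgrade.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def should_strip_auth(old_url, new_url):
    """Decide whether Authorization must be dropped before following a redirect."""
    old_scheme, old_host, old_port = origin(old_url)
    new_scheme, new_host, new_port = origin(new_url)
    if old_host != new_host:
        return True  # different host: never forward credentials
    if old_scheme == "https" and new_scheme != "https":
        return True  # the CVE-2018-18074 case: same host, cleartext target
    if (old_scheme, old_port, new_scheme, new_port) == ("http", 80, "https", 443):
        return False  # upgrade to TLS on standard ports keeps the header
    return (old_scheme, old_port) != (new_scheme, new_port)


def headers_per_hop(urls, headers):
    """Return the headers that would be sent to each URL in a redirect chain."""
    current = dict(headers)
    sent = []
    for index, url in enumerate(urls):
        if index > 0 and should_strip_auth(urls[index - 1], url):
            # Once dropped, the header is not restored on later hops.
            current = {k: v for k, v in current.items()
                       if k.lower() != "authorization"}
        sent.append((url, dict(current)))
    return sent


if __name__ == "__main__":
    # Constructed redirect chain: TLS request redirected to cleartext and back.
    chain = ["https://api.example.test/v1/files",
             "http://api.example.test/v1/files",
             "https://api.example.test/v1/files"]
    for url, sent_headers in headers_per_hop(chain, {"Authorization": "Bearer constructed-token"}):
        print(url, "Authorization" in sent_headers)
```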