Path to dependency file: /sqlmate/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_58d5b1a3-882f-4d6a-a9cc-cfbeab782756/20190505155042_80940/20190505155030_depth_0/requests-2.9.1-py2.py3-none-any/requests
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
CVE-2018-18074 - High Severity Vulnerability
Python HTTP for Humans.
Library home page: https://files.pythonhosted.org/packages/b8/f7/3bb4d18c234a8ce7044d5ee2e1082b7d72bf6c550afb8d51ae266dea56f1/requests-2.9.1-py2.py3-none-any.whl
Path to dependency file: /sqlmate/requirements.txt
Path to vulnerable library: teSource-ArchiveExtractor_58d5b1a3-882f-4d6a-a9cc-cfbeab782756/20190505155042_80940/20190505155030_depth_0/requests-2.9.1-py2.py3-none-any/requests
Dependency Hierarchy: - :x: **requests-2.9.1-py2.py3-none-any.whl** (Vulnerable Library)
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Publish Date: 2018-10-09
URL: CVE-2018-18074
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-18074
Release Date: 2018-10-09
Fix Resolution: 2.20.0
Step up your Open Source Security Game with WhiteSource here