Download
| Alert*
|
oval:org.secpod.oval:def:89043820
This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: * Fixed bug with unintended Authorization header stripping for redirects using default ports . Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case- ... oval:org.secpod.oval:def:89043931 This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the foll ... oval:org.secpod.oval:def:704366 requests: elegant and simple HTTP library for Python Details: USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:89046334 This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect oval:org.secpod.oval:def:89046277 This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed sending an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect oval:org.secpod.oval:def:1504423 [2.6.0-5] - Fix CVE-2018-18074 Resolves: rhbz#1647368 oval:org.secpod.oval:def:704348 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:2105140 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. oval:org.secpod.oval:def:503291 The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix: * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ot ... oval:org.secpod.oval:def:115323 Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Pythons built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers. oval:org.secpod.oval:def:115287 Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Pythons built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers. oval:org.secpod.oval:def:1700247 A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could expl ... oval:org.secpod.oval:def:51144 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:115461 Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Pythons built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers. oval:org.secpod.oval:def:205256 The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix: * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and ot ... oval:org.secpod.oval:def:2000311 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. oval:org.secpod.oval:def:1502838 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69528 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either Pip Installs Packages or Pip Installs Python. Security Fix: * python-urllib3: Cross-host re ... oval:org.secpod.oval:def:1502839 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:66813 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either Pip Installs Packages or Pip Installs Python. Security Fix: * python-urllib3: Cross-host re ... oval:org.secpod.oval:def:205468 TODO: add package description Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certificati ... oval:org.secpod.oval:def:1504367 [9.0.3-16] - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 oval:org.secpod.oval:def:205465 The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due ... oval:org.secpod.oval:def:503745 The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due ... oval:org.secpod.oval:def:503555 TODO: add package description Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certificati ... oval:org.secpod.oval:def:503753 pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index . pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python" Security Fix: * python ... oval:org.secpod.oval:def:1504251 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504399 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503557 The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Security Fix: * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure * python-urllib3: CRLF injection due ... oval:org.secpod.oval:def:1700321 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. In the urllib3 library through 1.24.1 for Python, CRLF injectio ... oval:org.secpod.oval:def:66834 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:1505317 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500105 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:69546 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... |
