Python Requests Session Fixation

説明

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

基本情報

タイプ
reviewed
深刻度
medium
GitHub 上のアドバイザリ
アドバイザリを開く ↗
リポジトリのアドバイザリ
ソースコード
ソースを見る ↗
公開(アドバイザリ)
2022-05-13 01:11:23 UTC
更新
2024-10-21 21:03:10 UTC
GitHub レビュー済み
2023-07-31 23:49:22 UTC
NVD で公開
2015-03-18

EPSS Score

Score Percentile
1.14% 78.05%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Credits

  • sfblackl-intel (analyst)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip requests >= 2.1.0, < 2.6.0 2.6.0

References

cvelogic Threat Intelligence