requests@0.9.0 vulnerabilities
Python HTTP for Humans.
-
latest version
2.32.3
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
6 months ago
-
licenses detected
- [0.0.1,1.0.0)
Direct Vulnerabilities
Known vulnerabilities in the requests package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when making requests through a Requests Notes:
How to fix Always-Incorrect Control Flow Implementation? Upgrade |
[,2.32.2)
|
Affected versions of this package are vulnerable to Denial of Service (DoS) due to incorrect password used in conjunction with digest authentication. This can lead to an infinite request retry cycle How to fix Denial of Service (DoS)? Upgrade |
[,0.12.0)
|
Requests is a Non-GMO HTTP library for Python Affected versions of this package are vulnerable to Information Exposure. Upon receiving a same-hostname https-to-http redirect, it sends the HTTP Authorization header to an http URI. This makes it easier for remote attackers to discover credentials by sniffing the network. How to fix Information Exposure? Upgrade |
[,2.20)
|
Affected versions of this package are vulnerable to Information Disclosure attacks. Remote servers may obtain sensitive information by reading the How to fix Information Exposure? Upgrade to version |
[,2.3.0)
|
Affected versions of this package are vulnerable to Information Exposure. Remote servers may obtain a netrc password by reading the Authorization header in a redirected request. How to fix Information Exposure? Upgrade to version |
[,2.3.0)
|
Affected versions of this package are vulnerable to Denial of Service attacks.
Algorithmic complexity vulnerability in the How to fix Denial of Service (DoS)? Upgrade to version |
[,1.1.0)
|
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. When sending a digest with an incorrect password, it will retry the request for infinity. An attacker can send many of these requests, causing a denial of service. |
[,1.2.3]
|