CVE-2014-1829

NONE
Published Oct 15, 201411y ago · Modified Jun 17, 20262w ago
Find Similar
Published Oct 15, 2014 11y ago
Last Modified Jun 17, 2026 2w ago

Description

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 4

VendorProductVersionRange
debiandebian_linux7.0any
pythonrequests* ≤2.2.1
canonicalubuntu_linux14.04any
mageiamageia4.0any

References 6

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0409.html
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3146
    Third Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
    Broken Link
  • ubuntu.com http://www.ubuntu.com/usn/USN-2382-1
    Third Party Advisory
  • bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108
    Issue Tracking
  • github.com https://github.com/kennethreitz/requests/issues/1885
    Issue TrackingPatch

Remediation

  • github.com https://github.com/kennethreitz/requests/issues/1885
    Issue TrackingPatch