CVE-2014-1829
NONE
Published Oct 15, 201411y ago · Modified Jun 17, 20262w ago
Published Oct 15, 2014 11y ago
Last Modified Jun 17, 2026 2w ago
Description
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 4
References 6
- advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0409.html
- debian.org http://www.debian.org/security/2015/dsa-3146
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
- ubuntu.com http://www.ubuntu.com/usn/USN-2382-1
- bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108
- github.com https://github.com/kennethreitz/requests/issues/1885
Remediation
- github.com https://github.com/kennethreitz/requests/issues/1885