Skip to main content

Requests

10 CVEs product

Monthly

CVE-2023-32681 PyPI MEDIUM PATCH This Month

Requests is a HTTP library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Requests Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
3.0%
CVE-2022-34782 Maven MEDIUM PATCH This Month

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Requests
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-21676 Maven MEDIUM PATCH This Month

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Requests
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2021-21675 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Requests
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21674 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Requests
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-29476 PHP CRITICAL PATCH Act Now

Requests is a HTTP library written in PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Requests
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-18074 PyPI HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests Ubuntu Linux Leap +3
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2015-2296 PyPI MEDIUM PATCH This Month

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Mageia Requests Ubuntu Linux
NVD GitHub
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-1830 PyPI MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Opensuse Requests
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1829 PyPI MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Debian Linux Requests Ubuntu Linux +1
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

Requests is a HTTP library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Requests Fedora
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Requests
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Requests
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Requests
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Requests
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Requests is a HTTP library written in PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Requests
NVD GitHub
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests +5
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Mageia Requests +1
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Opensuse +1
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Debian Linux +3
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy