blockchain icon indicating copy to clipboard operation
blockchain copied to clipboard
verified publisher icon dvf

Information Exposure

Open larrycameron80 opened this issue 6 years ago • 0 comments

Information Exposure Vulnerable module: requests Introduced through: [email protected] Detailed paths Introduced through: dvf/blockchain@dvf/blockchain#1369cac2094d36e694da1209d7d4f923264f7f50 › [email protected] Remediation: Upgrade to [email protected]. Overview Requests is a Non-GMO HTTP library for Python

Affected versions of this package are vulnerable to Information Exposure. Upon receiving a same-hostname https-to-http redirect, it sends the HTTP Authorization header to an http URI. This makes it easier for remote attackers to discover credentials by sniffing the network.

Information Exposure vulnerability report

larrycameron80 avatar Sep 17 '19 02:09 larrycameron80