On Wed, 31 Oct 2018 18:19:11 -0500, Edward Lopez-Acosta
wrote:
> Changelog:
> - Fixed in 2.20.0 - CVE 2018-18074
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074
>
> The Requests package before 2.20.0 for Python sends an HTTP
> Authorization header to an http URI upon receiving a
Changelog:
- Fixed in 2.20.0 - CVE 2018-18074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074
The Requests package before 2.20.0 for Python sends an HTTP
Authorization header to an http URI upon receiving a same-hostname
https-to-http redirect, which makes it easier for remote