Vulnerability identifier: #VU19388
Vulnerability risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-255
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Requests
Universal components / Libraries /
Scripting languages
Vendor: Python.org
Description
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Requests: 0.9.0 - 2.19.1
External links
http://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
http://github.com/requests/requests/issues/4716
http://github.com/requests/requests/pull/4718
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.