PYSEC-2015-17
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2015-17.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2015-17
- Aliases
- Published
- 2015-03-18T16:59:00Z
- Modified
- 2026-06-10T17:02:37.461577652Z
- Summary
- [none]
- Details
-
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
- References
-
- http://www.openwall.com/lists/oss-security/2015/03/15/1
- http://www.ubuntu.com/usn/USN-2531-1
- http://www.openwall.com/lists/oss-security/2015/03/14/4
- https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
- https://warehouse.python.org/project/requests/2.6.0/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html
- http://advisories.mageia.org/MGASA-2015-0120.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
- https://github.com/advisories/GHSA-pg2w-x9wp-vw92
Affected packages
PyPI / requests
Package
- Name
- requests
- View open source insights on deps.dev
- Purl
- pkg:pypi/requests
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kennethreitz/requests
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced2.1.0Fixed2.6.0
Affected versions
v0.*
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.6.3
v0.6.4
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.3
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.11.1
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.13.6
v0.13.7
v0.13.9
v0.14.0
v0.14.1
v0.14.2
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v2.*
v2.0.0
v2.0
v2.0.1
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.5.1
v2.5.2
2.*
2.0
2.1.0
2.2.0
2.2.1
2.3.0
2.4.0
2.4.1
2.4.2
2.4.3
2.5.0
2.5.1
2.5.2
2.5.3