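The Requests package for Python, in versions before 2.20.0, sends the HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. The credentials in that header then travel unencrypted, which makes it easier for remote attackers to discover them by sniffing the network. The package records below cover python-requests and python-pip; pip is presumably listed because it bundles its own copy of Requests, so both packages need to be checked when assessing exposure.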
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.2.1-1ubuntu0.4", "binary_name": "python-requests" }, { "binary_version": "2.2.1-1ubuntu0.4", "binary_name": "python-requests-whl" }, { "binary_version": "2.2.1-1ubuntu0.4", "binary_name": "python3-requests" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "9.0.1-2.3~ubuntu1.18.04.2", "binary_name": "python-pip" }, { "binary_version": "9.0.1-2.3~ubuntu1.18.04.2", "binary_name": "python-pip-whl" }, { "binary_version": "9.0.1-2.3~ubuntu1.18.04.2", "binary_name": "python3-pip" } ] }