{"id":"CVE-2014-1829","details":"Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.","aliases":["GHSA-cfj3-7x9c-4p3h","PYSEC-2014-13"],"modified":"2026-04-16T01:43:57.504303743Z","published":"2014-10-15T14:55:05Z","withdrawn":"2026-01-27T04:12:32.569775Z","related":["SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","openSUSE-SU-2024:10125-1","openSUSE-SU-2024:10482-1","openSUSE-SU-2024:11266-1","openSUSE-SU-2024:13999-1"],"references":[{"type":"ADVISORY","url":"http://advisories.mageia.org/MGASA-2014-0409.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3146"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2382-1"},{"type":"REPORT","url":"https://github.com/kennethreitz/requests/issues/1885"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108"}],"schema_version":"1.7.3"}