Skip to content

[Security] Medium Severity Vulnerability (CVE-2015-2296) in Requests v2.32.3 #6942

Closed
Closed
[Security] Medium Severity Vulnerability (CVE-2015-2296) in Requests v2.32.3#6942
Labels
Question/Not a bugactions/autoclose-qaUsed for automation to auto-close an issue
@salmankadaya

Description

@salmankadaya
salmankadaya
opened on May 5, 2025

A potential medium-severity security issue has been identified in the requests library, version 2.32.3, due to indirect implications of CVE-2015-2296.

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2296
https://nvd.nist.gov/vuln/detail/CVE-2015-2296

Metadata

Metadata

Assignees

No one assigned

    Labels

    Question/Not a bugactions/autoclose-qaUsed for automation to auto-close an issue

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions