Skip to content

Fix potential vulnerability in cloned function#78

Open
navnitan-7 wants to merge 1 commit into
gd3kr:mainfrom
navnitan-7:fix/CVE-2023-32681
Open

Fix potential vulnerability in cloned function#78
navnitan-7 wants to merge 1 commit into
gd3kr:mainfrom
navnitan-7:fix/CVE-2023-32681

Conversation

@navnitan-7

Copy link
Copy Markdown

Summary

This PR fixes a potential vulnerability in the cloned rebuild_proxies() implementation in lib/requests/sessions.py.

Details

Changes

Adds an HTTPS guard so Proxy-Authorization is not injected for HTTPS requests, preventing proxy credential leakage scenarios.

Impact

Mitigates leakage of proxy credentials in redirected/tunneled request flows.

References

Made with Cursor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant