VYPR
Moderate severityNVD Advisory· Published Mar 18, 2015· Updated Jun 17, 2026

CVE-2015-2296

CVE-2015-2296

Description

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
requestsPyPI
>= 2.1.0, < 2.6.02.6.0

Affected products

120

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.