GMS-2012-3: Denial of Service

April 7, 2012

When using digest authentication with a wrong password, requests will retry the request for infinity. This makes the package vulnerable to Denial of Service (DoS).

References

github.com/requests/requests/issues/541
github.com/requests/requests/pull/547
github.com/requests/requests/pull/547/commits/c3e6c41fc164d4348f8ce197bd0075aff05637af

Detect and mitigate GMS-2012-3 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →