Will It Vibe logoWill It Vibe?
SCA-011Medium severity-8 points

requests Proxy-Authorization leak (pip, <2.31.0)

Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.

What it detects

Flags an exact requirements.txt pin of requests below 2.31.0, before CVE-2023-32681 fixed a Proxy-Authorization header leak across redirects to a different host.

Why it matters

requests before 2.31.0 leaks the Proxy-Authorization header to the final destination host when a proxied request is redirected to a different host than originally requested (CVE-2023-32681). If your app or a dependency uses requests with an authenticated proxy, that proxy credential can end up sent to a host you never intended, an information-disclosure risk rather than remote code execution, but a real credential leak in specific but not uncommon configurations. This check is a small, hand-picked list of known, historically-significant incidents, not a live CVE feed -- for continuous CVE monitoring, run a dedicated SCA tool (npm audit, pip-audit, OWASP Dependency-Check, Snyk, or similar) against your resolved dependency tree.

How to fix it

Upgrade requests to 2.31.0 or later. This is a drop-in upgrade with no API changes for the vast majority of callers.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Dependencies & Hygiene checks