Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-35195

Published: 20/05/2024 Updated: 21/05/2024

Vulnerability Summary

Requests is a HTTP library. before 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

Vendor Advisories

Debian CVElist Bug Report Logs: requests: CVE-2024-35195
Debian Bug report logs - #1071593 requests: CVE-2024-35195 Package: src:requests; Maintainer for src:requests is Debian Python Team <team+python@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 21 May 2024 20:03:01 UTC Severity: important Tags: security, upstream Found in version ...

References

https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56https://github.com/psf/requests/pull/6655https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fachttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071593https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationCVE-2024-20696CVE-2024-29829CVE-2024-33999CVE-2024-35646physicalCVE-2024-24919CVE-2024-31030local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook