CVE-2024-35195
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35195
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35195.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35195
- Aliases
- Related
- Published
- 2024-05-20T21:15:09Z
- Modified
- 2024-08-01T04:50:36.093285Z
- Summary
- [none]
- Details
-
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests
Session, if the first request is made withverify=Falseto disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value ofverify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0. - References
-
- https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
- https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
- https://github.com/psf/requests/pull/6655
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
- https://security.alpinelinux.org/vuln/CVE-2024-35195
Affected packages
Alpine:v3.18 / py3-requests
Package
- Name
- py3-requests
- Purl
- pkg:apk/alpine/py3-requests?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.32.3-r0
Affected versions
1.*
1.0.4-r0
1.1.0-r0
1.2.3-r0
2.*
2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0
Alpine:v3.19 / py3-requests
Package
- Name
- py3-requests
- Purl
- pkg:apk/alpine/py3-requests?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.32.3-r0
Affected versions
1.*
1.0.4-r0
1.1.0-r0
1.2.3-r0
2.*
2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0
2.31.0-r1
Alpine:v3.20 / py3-requests
Package
- Name
- py3-requests
- Purl
- pkg:apk/alpine/py3-requests?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.32.3-r0
Affected versions
1.*
1.0.4-r0
1.1.0-r0
1.2.3-r0
2.*
2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0
2.31.0-r1
2.31.0-r2
Git / github.com/psf/requests
Affected ranges
- Type
- GIT
- Repo
- https://github.com/psf/requests
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.11.1
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.13.6
v0.13.7
v0.13.9
v0.14.0
v0.14.1
v0.14.2
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.3
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v2.*
v2.0
v2.0.0
v2.0.1
v2.1.0
v2.10.0
v2.11.0
v2.11.1
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.13.0
v2.14.0
v2.14.1
v2.14.2
v2.15.0
v2.15.1
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.16.4
v2.16.5
v2.17.0
v2.17.1
v2.17.3
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.18.4
v2.19.0
v2.19.1
v2.2.0
v2.2.1
v2.20.0
v2.20.1
v2.21.0
v2.22.0
v2.24.0
v2.25.0
v2.25.1
v2.26.0
v2.27.0
v2.27.1
v2.28.0
v2.28.1
v2.28.2
v2.29.0
v2.3.0
v2.30.0
v2.31.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.8.0
v2.8.1
v2.9.0
v2.9.1
v2.9.2