DEBIAN-CVE-2024-35195

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2024-35195
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-35195.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-35195
Upstream
Published
2024-05-20T21:15:09Z
Modified
2025-09-30T05:19:11.292160Z
Summary
[none]
Details

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

References

Affected packages

Debian:11 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.1+dfsg-2
2.27.1+dfsg-1
2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2
2.32.3+dfsg-1
2.32.3+dfsg-2
2.32.3+dfsg-3
2.32.3+dfsg-4
2.32.3+dfsg-5
2.32.4+dfsg-1
2.32.5+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2
2.32.3+dfsg-1
2.32.3+dfsg-2
2.32.3+dfsg-3
2.32.3+dfsg-4
2.32.3+dfsg-5
2.32.4+dfsg-1
2.32.5+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}