OESA-2025-1825

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1825
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1825.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-1825
Upstream
Published
2025-07-11T12:31:08Z
Modified
2025-09-03T06:31:14.094611Z
Summary
python-requests security update
Details

Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work (even method overrides) to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. + Multipart File Uploads. + CookieJar Support. + Redirection History. + Redirection Recursion Urllib Fix. + Automatic Decompression of GZipped Content. + Unicode URL Support. - Authentication: + URL + HTTP Auth Registry.

Security Fix(es):

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on one's Requests Session.(CVE-2024-47081)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / python-requests

Package

Name
python-requests
Purl
pkg:rpm/openEuler/python-requests&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.31.0-3.oe2403sp2

Ecosystem specific 

{
    "src": [
        "python-requests-2.31.0-3.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "python-requests-help-2.31.0-3.oe2403sp2.noarch.rpm",
        "python3-requests-2.31.0-3.oe2403sp2.noarch.rpm"
    ]
}