CVE-2024-35195

EUVD-2024-1565
Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.6 MEDIUM | LOCAL | HIGH | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N |
| GitHub_M | CNA | 5.6 MEDIUM | LOCAL | HIGH | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N |

Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 13%
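
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| requests | bookworm | | ignored |
| requests | bullseye | | no-dsa |
| requests | buster | | postponed |
| requests | forky | 2.32.5+dfsg-1 | fixed |
| requests | sid | 2.32.5+dfsg-1 | fixed |
| requests | trixie | 2.32.3+dfsg-5 | fixed |
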
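
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| requests | bionic | | ignored |
| requests | focal | | ignored |
| requests | jammy | | ignored |
| requests | mantic | | ignored |
| requests | noble | | ignored |
| requests | oracular | Fixed 2.32.3+dfsg-1ubuntu1 | released |
| requests | plucky | Fixed 2.32.3+dfsg-1ubuntu1 | released |
| requests | questing | Fixed 2.32.3+dfsg-1ubuntu1 | released |
| requests | trusty | | ignored |
| requests | xenial | | ignored |
| python-pip | bionic | | ignored |
| python-pip | focal | | ignored |
| python-pip | jammy | | needed |
| python-pip | mantic | | ignored |
| python-pip | noble | | needed |
| python-pip | oracular | | ignored |
| python-pip | plucky | | needed |
| python-pip | questing | | needed |
| python-pip | trusty | | ignored |
| python-pip | xenial | | ignored |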