CVE-2024-35195

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35195
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35195.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35195
Aliases
Related
Published
2024-05-20T21:15:09Z
Modified
2024-10-08T04:14:39.531544Z
Summary
[none]
Details

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

References

Affected packages

Alpine:v3.18 / py3-requests

Package

Name
py3-requests
Purl
pkg:apk/alpine/py3-requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3-r0

Affected versions

1.*

1.0.4-r0
1.1.0-r0
1.2.3-r0

2.*

2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0

Alpine:v3.19 / py3-requests

Package

Name
py3-requests
Purl
pkg:apk/alpine/py3-requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3-r0

Affected versions

1.*

1.0.4-r0
1.1.0-r0
1.2.3-r0

2.*

2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0
2.31.0-r1

Alpine:v3.20 / py3-requests

Package

Name
py3-requests
Purl
pkg:apk/alpine/py3-requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3-r0

Affected versions

1.*

1.0.4-r0
1.1.0-r0
1.2.3-r0

2.*

2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0
2.31.0-r1
2.31.0-r2

Debian:11 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.1+dfsg-2
2.27.1+dfsg-1
2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2
2.32.3+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2
2.32.3+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3+dfsg-1

Affected versions

2.*

2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/psf/requests

Affected ranges

Type
GIT
Repo
https://github.com/psf/requests
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac

Affected versions

2.*

2.0

v0.*

v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.11.1
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.13.6
v0.13.7
v0.13.9
v0.14.0
v0.14.1
v0.14.2
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.3

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3

v2.*

v2.0
v2.0.0
v2.0.1
v2.1.0
v2.10.0
v2.11.0
v2.11.1
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.13.0
v2.14.0
v2.14.1
v2.14.2
v2.15.0
v2.15.1
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.16.4
v2.16.5
v2.17.0
v2.17.1
v2.17.3
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.18.4
v2.19.0
v2.19.1
v2.2.0
v2.2.1
v2.20.0
v2.20.1
v2.21.0
v2.22.0
v2.24.0
v2.25.0
v2.25.1
v2.26.0
v2.27.0
v2.27.1
v2.28.0
v2.28.1
v2.28.2
v2.29.0
v2.3.0
v2.30.0
v2.31.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.8.0
v2.8.1
v2.9.0
v2.9.1
v2.9.2