CVE-2024-35195

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35195
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35195.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35195
Aliases
Related
Published
2024-05-20T21:15:09Z
Modified
2024-10-12T11:25:08.234554Z
Summary
[none]
Details

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

References

Affected packages

Alpine:v3.18 / py3-requests

Package

Name
py3-requests
Purl
pkg:apk/alpine/py3-requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3-r0

Affected versions

1.*

1.0.4-r0
1.1.0-r0
1.2.3-r0

2.*

2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0

Alpine:v3.19 / py3-requests

Package

Name
py3-requests
Purl
pkg:apk/alpine/py3-requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3-r0

Affected versions

1.*

1.0.4-r0
1.1.0-r0
1.2.3-r0

2.*

2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0
2.31.0-r1

Alpine:v3.20 / py3-requests

Package

Name
py3-requests
Purl
pkg:apk/alpine/py3-requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3-r0

Affected versions

1.*

1.0.4-r0
1.1.0-r0
1.2.3-r0

2.*

2.0.0-r0
2.3.0-r0
2.4.3-r0
2.5.1-r0
2.5.2-r0
2.6.0-r0
2.7.0-r0
2.8.1-r0
2.9.1-r0
2.10.0-r0
2.11.0-r0
2.11.1-r0
2.11.1-r1
2.12.4-r0
2.12.4-r1
2.13.0-r0
2.16.5-r0
2.17.3-r0
2.18.1-r0
2.18.1-r1
2.18.2-r0
2.18.3-r0
2.18.4-r0
2.19.1-r0
2.21.0-r0
2.21.0-r1
2.21.0-r2
2.21.0-r3
2.21.0-r4
2.21.0-r5
2.21.0-r6
2.22.0-r0
2.22.0-r1
2.23.0-r0
2.24.0-r0
2.24.0-r1
2.24.0-r2
2.24.0-r3
2.25.0-r0
2.25.0-r1
2.25.1-r0
2.25.1-r1
2.25.1-r2
2.25.1-r3
2.25.1-r4
2.26.0-r0
2.26.0-r1
2.26.0-r2
2.27.1-r0
2.28.1-r0
2.28.1-r1
2.28.1-r2
2.28.2-r0
2.28.2-r1
2.29.0-r0
2.30.0-r0
2.31.0-r0
2.31.0-r1
2.31.0-r2

Debian:11 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.1+dfsg-2
2.27.1+dfsg-1
2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2
2.32.3+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2
2.32.3+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / requests

Package

Name
requests
Purl
pkg:deb/debian/requests?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.32.3+dfsg-1

Affected versions

2.*

2.28.1+dfsg-1
2.31.0+dfsg-1
2.31.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/psf/requests

Affected ranges

Type
GIT
Repo
https://github.com/psf/requests
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0

v0.*

v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.11.1
v0.12.0
v0.12.1
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.13.6
v0.13.7
v0.13.9
v0.14.0
v0.14.1
v0.14.2
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.3

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3

v2.*

v2.0
v2.0.0
v2.0.1
v2.1.0
v2.10.0
v2.11.0
v2.11.1
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.13.0
v2.14.0
v2.14.1
v2.14.2
v2.15.0
v2.15.1
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.16.4
v2.16.5
v2.17.0
v2.17.1
v2.17.3
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.18.4
v2.19.0
v2.19.1
v2.2.0
v2.2.1
v2.20.0
v2.20.1
v2.21.0
v2.22.0
v2.24.0
v2.25.0
v2.25.1
v2.26.0
v2.27.0
v2.27.1
v2.28.0
v2.28.1
v2.28.2
v2.29.0
v2.3.0
v2.30.0
v2.31.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.8.0
v2.8.1
v2.9.0
v2.9.1
v2.9.2