CVE-2024-47081

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47081

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47081.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-47081

Aliases

GHSA-9hjg-9r4m-mvj7

Downstream

ALPINE-CVE-2024-47081

BELL-CVE-2024-47081

DEBIAN-CVE-2024-47081

ECHO-6fd0-2865-91ff

MINI-4264-8x7m-ffv5

MINI-577q-gwpm-5335

MINI-66x3-p8j6-jx66

MINI-9j85-x99w-c53f

MINI-r9pq-9c7c-f6xq

OESA-2025-1674

OESA-2025-1710

OESA-2025-1711

OESA-2025-1712

OESA-2025-1825

OESA-2025-1826

OESA-2025-1827

OESA-2025-1828

OESA-2025-1979

OESA-2025-1980

OESA-2025-2173

OESA-2025-2174

OESA-2025-2175

OESA-2025-2287

RHSA-2025:12519

RHSA-2025:13234

RHSA-2025:13604

RHSA-2025:14750

RHSA-2025:14999

RHSA-2025:15121

RHSA-2025:15122

RHSA-2025:15614

RHSA-2025:15615

RHSA-2025:15616

RHSA-2025:15617

RHSA-2025:15618

RHSA-2025:15622

RHSA-2025:15691

RHSA-2025:15723

RLSA-2025:12519

RLSA-2025:13234

RLSA-2025:13604

RLSA-2025:14750

RLSA-2025:14999

SUSE-SU-2025:02205-1

UBUNTU-CVE-2024-47081

USN-7568-1

USN-7762-1

Related

Published

2025-06-09T17:57:47Z

Modified

2025-10-09T17:04:16.211944Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Requests vulnerable to .netrc credentials leak via malicious URLs

Details

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on one's Requests Session.

References

Affected packages

Git / github.com/psf/requests

Affected ranges

Type: GIT
Repo: https://github.com/psf/requests
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

021dc729f0b71a3030cefdbec7fb57a0e80a6cfd

Affected versions

2.*

2.0

v0.*

v0.10.0

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.7

v0.10.8

v0.11.1

v0.12.0

v0.12.1

v0.13.0

v0.13.1

v0.13.2

v0.13.3

v0.13.4

v0.13.5

v0.13.6

v0.13.7

v0.13.9

v0.14.0

v0.14.1

v0.14.2

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.3

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v2.*

v2.0

v2.0.0

v2.0.1

v2.1.0

v2.10.0

v2.11.0

v2.11.1

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.12.4

v2.12.5

v2.13.0

v2.14.0

v2.14.1

v2.14.2

v2.15.0

v2.15.1

v2.16.0

v2.16.1

v2.16.2

v2.16.3

v2.16.4

v2.16.5

v2.17.0

v2.17.1

v2.17.3

v2.18.0

v2.18.1

v2.18.2

v2.18.3

v2.18.4

v2.19.0

v2.19.1

v2.2.0

v2.2.1

v2.20.0

v2.20.1

v2.21.0

v2.22.0

v2.24.0

v2.25.0

v2.25.1

v2.26.0

v2.27.0

v2.27.1

v2.28.0

v2.28.1

v2.28.2

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.32.0

v2.32.1

v2.32.2

v2.32.3

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.8.0

v2.8.1

v2.9.0

v2.9.1

v2.9.2