Описание
ELSA-2025-13604: python-requests security update (MODERATE)
[2.32.4-1]
- Update to 2.32.4
- Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs Resolves: RHEL-105460
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
python3-requests
2.32.4-1.el10_0
Oracle Linux x86_64
python3-requests
2.32.4-1.el10_0
Связанные CVE
Связанные уязвимости
Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
Requests vulnerable to .netrc credentials leak via malicious URLs
Requests is a HTTP library. Due to a URL parsing issue, Requests relea ...