
exploitDog

CVE-2024-35195

Published: 20 May 2024
Source: redhat
CVSS3: 5.6
EPSS: Low

Description

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Certification for Red Hat Enterprise Linux 8 | redhat-certification-baremetal-container | Will not fix | | |
| Red Hat Certification Program for Red Hat Enterprise Linux 9 | redhat-certification | Will not fix | | |
| Red Hat Developer Hub | rhdh-operator-container | Not affected | | |
| Red Hat Discovery 1 | discovery-server-container | Not affected | | |
| Red Hat Enterprise Linux 10 | python-pip | Not affected | | |
| Red Hat Enterprise Linux 10 | python-requests | Affected | | |
| Red Hat Enterprise Linux 10 | python-tornado | Not affected | | |
| Red Hat Enterprise Linux 6 | python-requests | Out of support scope | | |
| Red Hat Enterprise Linux 7 | pykickstart | Out of support scope | | |
| Red Hat Enterprise Linux 7 | python-pip | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-670
https://bugzilla.redhat.com/show_bug.cgi?id=2282114 requests: subsequent requests to the same host ignore cert verification

EPSS: 0.00046 (percentile: 14%, Low)

CVSS3: 5.6 Medium

Related vulnerabilities

CVSS3: 5.6
ubuntu
almost 2 years ago

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

CVSS3: 5.6
nvd
almost 2 years ago

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

CVSS3: 5.6
msrc
almost 2 years ago

Requests `Session` object does not verify requests after making first request with verify=False

CVSS3: 5.6
debian
almost 2 years ago

Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...

suse-cvrf
almost 2 years ago

Security update for python-requests
