CVE-2024-35195

EPSS 0.05%
Veröffentlicht 20.05.2024 21:15:09
Zuletzt bearbeitet 21.11.2024 09:19:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerrequest_project

≫

Produkt request

Default Statusunknown

Version < 2.32.0

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.6	0.3	5.2	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac

https://github.com/psf/requests/pull/6655

https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/

https://nvd.nist.gov/vuln/detail/CVE-2024-35195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35195

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-35195