Home > Vulnerability Database > CVE-2024-35195

Mend.io Vulnerability Database

CVE-2024-35195

Good to know:

Date: May 20, 2024

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests "Session", if the first request is made with "verify=False" to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of "verify". This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

Language: Python

Severity Score

5.6

Related Resources (12)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35195

Url: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/

Url: https://security-tracker.debian.org/tracker/CVE-2024-35195

Url: https://github.com/psf/requests

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q

Url: https://security.alpinelinux.org/vuln/CVE-2024-35195

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ

Url: https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac

Url: https://github.com/psf/requests/pull/6655

Url: https://www.mend.io/vulnerability-database/CVE-2024-35195

Severity Score

5.6

Weakness Type (CWE)

Always-Incorrect Control Flow Implementation

CWE-670

Top Fix

Upgrade Version

Upgrade to version requests - 2.32.0

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35195

Good to know:

Date: May 20, 2024

Language: Python

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?