vulnerability
Oracle Linux: CVE-2024-35195: ELSA-2025-0012: python-requests security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:H/Au:M/C:C/I:C/A:N) | May 20, 2024 | Jan 3, 2025 | Dec 3, 2025 |
Severity
5
CVSS
(AV:L/AC:H/Au:M/C:C/I:C/A:N)
Published
May 20, 2024
Added
Jan 3, 2025
Modified
Dec 3, 2025
Description
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.
An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.
Solutions
oracle-linux-upgrade-python3-requestsoracle-linux-upgrade-python3-requests-securityoracle-linux-upgrade-python3-requests-socks
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.