QwikSec

Security Database

CVE

CWE

Training

CVE-2024-47081

Published: Jun 9, 2025

Modified: Jun 9, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

Vendor	Product	Versions
psf	requests	affected `< 2.32.4`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7

x_refsource_CONFIRM

https://github.com/psf/requests/pull/6965

x_refsource_MISC

https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef

x_refsource_MISC

https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env

x_refsource_MISC

https://seclists.org/fulldisclosure/2025/Jun/2

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.