发布于3月6日3月6日 Members Oracle Linux: CVE-2024-35195: ELSA-2025-0012:python-requests security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:N) Published 05/20/2024 Created 01/07/2025 Added 01/03/2025 Modified 01/10/2025 Description Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0. An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification. Solution(s) oracle-linux-upgrade-python3-requests References https://attackerkb.com/topics/cve-2024-35195 CVE - 2024-35195 ELSA-2025-0012
