VulnerableCode Package Details - pkg:deb/debian/requests@2.32.3%2Bdfsg-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/requests@2.32.3%2Bdfsg-1?distro=trixie

purl	pkg:deb/debian/requests@2.32.3%2Bdfsg-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-duvn-u125-dqan	Requests `Session` object does not verify requests after making first request with verify=False When using a `requests.Session`, if the first request to a given origin is made with `verify=False`, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if `verify=True` is explicitly specified later. This occurs because the underlying connection is reused from the session's connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests without certificate verification, leading to potential man-in-the-middle attacks and compromised confidentiality or integrity. This behavior affects versions of `requests` prior to 2.32.0.	CVE-2024-35195 GHSA-9wx4-h78v-vm56

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T07:52:01.901130+00:00	Debian Importer	Fixing	VCID-duvn-u125-dqan	https://security-tracker.debian.org/tracker/data/json	38.1.0