VulnerableCode Package Details - pkg:deb/debian/requests@2.32.4%2Bdfsg-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/requests@2.32.4%2Bdfsg-1?distro=trixie

purl	pkg:deb/debian/requests@2.32.4%2Bdfsg-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-stx3-z3wu-pbat	Requests vulnerable to .netrc credentials leak via malicious URLs ### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)). ### References https://github.com/psf/requests/pull/6965 https://seclists.org/fulldisclosure/2025/Jun/2	CVE-2024-47081 GHSA-9hjg-9r4m-mvj7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T07:52:01.953729+00:00	Debian Importer	Fixing	VCID-stx3-z3wu-pbat	https://security-tracker.debian.org/tracker/data/json	38.1.0