Search for packages
| purl | pkg:pypi/requests@2.32.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-stx3-z3wu-pbat
Aliases: CVE-2024-47081 GHSA-9hjg-9r4m-mvj7 |
Requests vulnerable to .netrc credentials leak via malicious URLs ### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)). ### References https://github.com/psf/requests/pull/6965 https://seclists.org/fulldisclosure/2025/Jun/2 |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:30:29.754951+00:00 | GitLab Importer | Affected by | VCID-stx3-z3wu-pbat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/requests/CVE-2024-47081.yml | 38.4.0 |
| 2026-04-12T00:50:11.990494+00:00 | GitLab Importer | Affected by | VCID-stx3-z3wu-pbat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/requests/CVE-2024-47081.yml | 38.3.0 |
| 2026-04-03T00:58:15.478249+00:00 | GitLab Importer | Affected by | VCID-stx3-z3wu-pbat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/requests/CVE-2024-47081.yml | 38.1.0 |