Vulnerability details: VCID-duvn-u125-dqan
Vulnerability ID VCID-duvn-u125-dqan
Aliases CVE-2024-35195
GHSA-9wx4-h78v-vm56
Summary Requests `Session` object does not verify requests after making first request with `verify=False`.

When using a `requests.Session`, if the first request to a given origin is made with `verify=False`, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if `verify=True` is explicitly specified later. This occurs because the underlying connection is reused from the session's connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests without certificate verification, leading to potential man-in-the-middle attacks and compromised confidentiality or integrity. This behavior affects versions of `requests` prior to 2.32.0.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35195.json
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-35195
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-35195
cvssv3.1 6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9wx4-h78v-vm56
cvssv3.1 5.6 https://github.com/psf/requests
generic_textual MODERATE https://github.com/psf/requests
cvssv3.1 5.6 https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
generic_textual MODERATE https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
ssvc Track https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
cvssv3.1 5.6 https://github.com/psf/requests/pull/6655
generic_textual MODERATE https://github.com/psf/requests/pull/6655
ssvc Track https://github.com/psf/requests/pull/6655
cvssv3.1 5.6 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
cvssv3.1_qr MODERATE https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
generic_textual MODERATE https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
ssvc Track https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
cvssv3.1 5.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q
cvssv3.1 5.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
cvssv3.1 5.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ
cvssv3.1 5.6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
cvssv3.1 5.6 https://nvd.nist.gov/vuln/detail/CVE-2024-35195
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-35195
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35195.json
https://api.first.org/data/v1/epss?cve=CVE-2024-35195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/psf/requests
https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
https://github.com/psf/requests/pull/6655
https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ
https://nvd.nist.gov/vuln/detail/CVE-2024-35195
1071593 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071593
2282114 https://bugzilla.redhat.com/show_bug.cgi?id=2282114
GHSA-9wx4-h78v-vm56 https://github.com/advisories/GHSA-9wx4-h78v-vm56
IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781
RHSA-2024:4522 https://access.redhat.com/errata/RHSA-2024:4522
RHSA-2024:9988 https://access.redhat.com/errata/RHSA-2024:9988
RHSA-2025:0012 https://access.redhat.com/errata/RHSA-2025:0012
RHSA-2025:1335 https://access.redhat.com/errata/RHSA-2025:1335
RHSA-2025:2399 https://access.redhat.com/errata/RHSA-2025:2399
RHSA-2025:7049 https://access.redhat.com/errata/RHSA-2025:7049
RHSA-2025:8385 https://access.redhat.com/errata/RHSA-2025:8385
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35195.json
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/psf/requests
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/ Found at https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/psf/requests/pull/6655
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/ Found at https://github.com/psf/requests/pull/6655
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/ Found at https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-21T14:17:58Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-35195
Exploit Prediction Scoring System (EPSS)
Percentile 0.13691
EPSS Score 0.00044
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:10.193497+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-9wx4-h78v-vm56/GHSA-9wx4-h78v-vm56.json 38.0.0