Search for packages
| purl | pkg:deb/debian/requests@2.25.1%2Bdfsg-2 |
| Next non-vulnerable version | 2.32.3+dfsg-5 |
| Latest non-vulnerable version | 2.32.3+dfsg-5 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8k1j-7dnf-c7c9
Aliases: CVE-2023-32681 GHSA-j8r2-6x86-q33q PYSEC-2023-74 |
Affected by 0 other vulnerabilities. |
|
|
VCID-9cnc-crya-jyes
Aliases: CVE-2024-35195 GHSA-9wx4-h78v-vm56 |
Requests `Session` object does not verify requests after making first request with verify=False When making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. ### Remediation Any of these options can be used to remediate the current issue, we highly recommend upgrading as the preferred mitigation. * Upgrade to `requests>=2.32.0`. * For `requests<2.32.0`, avoid setting `verify=False` for the first request to a host while using a Requests Session. * For `requests<2.32.0`, call `close()` on `Session` objects to clear existing connections if `verify=False` is used. ### Related Links * https://github.com/psf/requests/pull/6655 |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T15:21:50.219429+00:00 | Debian Importer | Affected by | VCID-8k1j-7dnf-c7c9 | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-07-01T15:09:17.422168+00:00 | Debian Importer | Affected by | VCID-9cnc-crya-jyes | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |