Search for vulnerabilities
Vulnerability details: VCID-c9yw-g7v4-mkeh
Vulnerability ID VCID-c9yw-g7v4-mkeh
Aliases CVE-2024-47081
GHSA-9hjg-9r4m-mvj7
Summary Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-522 Insufficiently Protected Credentials
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47081.json
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-47081
cvssv3.1 5.3 http://seclists.org/fulldisclosure/2025/Jun/2
generic_textual MODERATE http://seclists.org/fulldisclosure/2025/Jun/2
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9hjg-9r4m-mvj7
cvssv3.1 5.3 https://github.com/psf/requests
generic_textual MODERATE https://github.com/psf/requests
cvssv3.1 5.3 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
generic_textual MODERATE https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
ssvc Track https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
cvssv3.1 5.3 https://github.com/psf/requests/pull/6965
generic_textual MODERATE https://github.com/psf/requests/pull/6965
ssvc Track https://github.com/psf/requests/pull/6965
cvssv3.1 5.3 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7
cvssv3.1_qr MODERATE https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7
generic_textual MODERATE https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7
ssvc Track https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-47081
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-47081
cvssv3.1 5.3 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env
generic_textual MODERATE https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env
ssvc Track https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env
cvssv3.1 5.3 https://seclists.org/fulldisclosure/2025/Jun/2
generic_textual MODERATE https://seclists.org/fulldisclosure/2025/Jun/2
ssvc Track https://seclists.org/fulldisclosure/2025/Jun/2
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2025/06/03/11
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2025/06/03/11
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2025/06/03/9
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2025/06/03/9
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2025/06/04/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2025/06/04/1
cvssv3.1 5.3 http://www.openwall.com/lists/oss-security/2025/06/04/6
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2025/06/04/6
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47081.json
https://api.first.org/data/v1/epss?cve=CVE-2024-47081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081
http://seclists.org/fulldisclosure/2025/Jun/2
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/psf/requests
https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
https://github.com/psf/requests/pull/6965
https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7
https://nvd.nist.gov/vuln/detail/CVE-2024-47081
https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env
https://seclists.org/fulldisclosure/2025/Jun/2
http://www.openwall.com/lists/oss-security/2025/06/03/11
http://www.openwall.com/lists/oss-security/2025/06/03/9
http://www.openwall.com/lists/oss-security/2025/06/04/1
http://www.openwall.com/lists/oss-security/2025/06/04/6
1107368 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107368
2371272 https://bugzilla.redhat.com/show_bug.cgi?id=2371272
GHSA-9hjg-9r4m-mvj7 https://github.com/advisories/GHSA-9hjg-9r4m-mvj7
USN-7568-1 https://usn.ubuntu.com/7568-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47081.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2025/Jun/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/psf/requests
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T18:39:03Z/ Found at https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/psf/requests/pull/6965
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T18:39:03Z/ Found at https://github.com/psf/requests/pull/6965
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T18:39:03Z/ Found at https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-47081
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T18:39:03Z/ Found at https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://seclists.org/fulldisclosure/2025/Jun/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T18:39:03Z/ Found at https://seclists.org/fulldisclosure/2025/Jun/2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2025/06/03/11
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2025/06/03/9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2025/06/04/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2025/06/04/6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.17919
EPSS Score 0.00057
Published At June 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-06-04T07:55:07.294917+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 36.1.0