Home

CVE-2024-47081

Description

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on ones Requests Session.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.07

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 24.0.0Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.106Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.1.13Windows
Vulnerabilities CVE-2024-47081 are fixed in Python-requests 2.32.4Windows
elegant and simple HTTP library for Python (USN-7568-1) python3-requests_2.25.1+dfsg-2ubuntu0.3_all.debLinux
elegant and simple HTTP library for Python (USN-7568-1) python3-requests_2.31.0+dfsg-1ubuntu1.1_all.debLinux
elegant and simple HTTP library for Python (USN-7568-1) python3-requests_2.32.3+dfsg-1ubuntu1.1_all.debLinux
elegant and simple HTTP library for Python (USN-7568-1) python3-requests_2.32.3+dfsg-4ubuntu1.1_all.debLinux
SUSE-SU-2025:01998-1(Basesystem Module 15 SP6) python3-requests-2.25.1-150300.3.15.1.noarch.rpmLinux
python-requests Security Update (ALAS-2025-2907) python-requests-2.6.0-10.amzn2.0.7.noarch.rpmLinux
python3-requests Security Update (ALAS-2025-2906) python3-requests-2.14.2-2.amzn2.0.5.noarch.rpmLinux
python3-requests Security Update (ALAS2-2025-2906) python3-requests-2.14.2-2.amzn2.0.5.noarch.rpmLinux
python-requests Security Update (ALAS2-2025-2907) python-requests-2.6.0-10.amzn2.0.7.noarch.rpmLinux
python-pip Security Update (ALAS2-2025-2928) python3-pip-20.2.2-1.amzn2.0.11.noarch.rpmLinux
python-pip Security Update (ALAS2-2025-2928) python2-pip-20.2.2-1.amzn2.0.11.noarch.rpmLinux
python-pip Security Update (ALAS2-2025-2928) python-pip-wheel-20.2.2-1.amzn2.0.11.noarch.rpmLinux
python3.12-pip Security Update (ALAS2023-2025-1083) python3.12-pip-wheel-23.2.1-4.amzn2023.0.3.noarch.rpmLinux
python3.12-pip Security Update (ALAS2023-2025-1083) python3.12-pip-23.2.1-4.amzn2023.0.3.noarch.rpmLinux
SUSE-SU-2025:01998-1(Basesystem Module 15 SP7) python3-requests-2.25.1-150300.3.15.1.noarch.rpmLinux
(RHSA-2025:12519)Moderate: security update RHSA-2025:12519 python3-requests+socks-2.25.1-10.el9_6.noarch.rpmLinux
(RHSA-2025:12519)Moderate: security update RHSA-2025:12519 python3-requests+security-2.25.1-10.el9_6.noarch.rpmLinux
(RHSA-2025:12519)Moderate: security update RHSA-2025:12519 python3-requests-2.25.1-10.el9_6.noarch.rpmLinux
Python3-requests+socks update (ELSA-2025-12519) ELSA-2025-12519 python3-requests+socks-2.25.1-10.el9_6.noarch.rpmLinux
Python3-requests+security update (ELSA-2025-12519) ELSA-2025-12519 python3-requests+security-2.25.1-10.el9_6.noarch.rpmLinux
Python3-requests update (ELSA-2025-12519) ELSA-2025-12519 python3-requests-2.25.1-10.el9_6.noarch.rpmLinux
python-requests Security Update (ALAS2023-2025-1110) ALAS2023-2025-1110 python3-requests+socks-2.25.1-1.amzn2023.0.6.noarch.rpmLinux
python-requests Security Update (ALAS2023-2025-1110) ALAS2023-2025-1110 python3-requests+security-2.25.1-1.amzn2023.0.6.noarch.rpmLinux
python-requests Security Update (ALAS2023-2025-1110) ALAS2023-2025-1110 python3-requests-2.25.1-1.amzn2023.0.6.noarch.rpmLinux
python3.11-pip Security Update (ALAS2023-2025-1097) ALAS2023-2025-1097 python3.11-pip-wheel-22.3.1-2.amzn2023.0.7.noarch.rpmLinux
python3.11-pip Security Update (ALAS2023-2025-1097) ALAS2023-2025-1097 python3.11-pip-22.3.1-2.amzn2023.0.7.noarch.rpmLinux
(RHSA-2025:13234)Moderate: security update RHSA-2025:13234 python3-requests-2.20.0-6.el8_10.noarch.rpmLinux
python3 update (TU-CESAS-0017) TU-CESAS-0017 python3-requests+socks-2.25.1-10.el9.noarch.rpmLinux
python3 update (TU-CESAS-0017) TU-CESAS-0017 python3-requests+security-2.25.1-10.el9.noarch.rpmLinux
python3 update (TU-CESAS-0017) TU-CESAS-0017 python3-requests-2.32.4-1.el10.noarch.rpmLinux
python3 update (TU-CESAS-0017) TU-CESAS-0017 python3-requests-2.25.1-10.el9.noarch.rpmLinux
python3 update (TU-CESAS-0017) TU-CESAS-0017 python3-libxml2-2.9.13-12.el9.x86_64.rpmLinux
python3 update (TU-CESAS-0017) TU-CESAS-0017 python3-libxml2-2.12.5-9.el10.x86_64.rpmLinux
Python3-requests update (ELSA-2025-13234) ELSA-2025-13234 python3-requests-2.20.0-6.el8_10.noarch.rpmLinux
(RHSA-2025:13604)Moderate: security update RHSA-2025:13604 python3-requests-2.32.4-1.el10_0.noarch.rpmLinux
Vulnerabilities CVE-2024-47081 are fixed in Python-requests for linux 2.32.4Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234