Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Requests `Session` object does not verify requests after making first request with verify=False
Vulnerability Description
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
控制流实现总是不正确
Vulnerability Title
Requests 安全漏洞
Vulnerability Description
Requests是Python基金会的一个优雅而简单的HTTP库。通过请求,您可以非常轻松地发送HTTP / 1.1请求。无需将查询字符串手动添加到您的URL,也无需对POST数据进行表单编码。 Requests 2.32.0之前版本存在安全漏洞,该漏洞源于禁用证书验证后在连接的生命周期中持续存在,后续所有请求都将被忽略。
CVSS Information
N/A
Vulnerability Type
N/A