Vulnerabilities: 1 via 1 paths

Dependencies: 6

Source: GitHub

Commit: a2188fc9



medium severity
new

Always-Incorrect Control Flow Implementation

  • Vulnerable module: requests
  • Introduced through: requests@2.31.0

Detailed paths

  • Introduced through: lifehackjim/cert_human@lifehackjim/cert_human#a2188fc9c961192885fc2421ca89c032efb9ef98 › requests@2.31.0
    Remediation: Upgrade to requests@2.32.0.

Overview

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when making requests through a Requests Session. An attacker can bypass certificate verification by making the first request with verify=False, causing all subsequent requests to ignore certificate verification regardless of changes to the verify value.

Notes:

  1. For requests<2.32.0, avoid setting verify=False for the first request to a host while using a Requests Session.

  2. For requests<2.32.0, call close() on Session objects to clear existing connections if verify=False is used.

Remediation

Upgrade requests to version 2.32.0 or higher.
