HTTP Library Vulnerability in Requests Affects Python Applications
CVE-2024-47081
What is CVE-2024-47081?
CVE-2024-47081 is a security vulnerability in Requests, a widely used HTTP library for Python applications. It stems from a flaw in how the library parses URLs, which can lead to the unintended exposure of credentials stored in a user's .netrc file: when handling certain specially crafted URLs, the library may send those credentials to an unintended third party. The consequences are significant, because exposed credentials could let an attacker impersonate legitimate users, access protected resources, or perform unauthorized actions within affected Python applications. The recommended mitigation is to upgrade to Requests version 2.32.4, which addresses the issue. Users who cannot upgrade are advised to disable use of the .netrc file by setting the option trust_env=False.
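As an added example (not code from the advisory or from the Requests project), the helper below checks a Requests version against the fixed release and applies the trust_env=False workaround only where it is still needed; the function names are my own, and the fixed-version constant comes from the advisory text.

```python
"""Helpers for handling CVE-2024-47081 in code that depends on Requests.

Added example; is_vulnerable(), needs_netrc_workaround() and hardened_session()
are hypothetical names, not part of the Requests API.
"""
import re
from typing import Tuple

# First Requests release that contains the fix, per the advisory.
FIXED_VERSION = (2, 32, 4)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.32.3' (or '2.32.4.dev0') into a comparable tuple of ints.

    Only leading numeric components are kept; pre-release tags are dropped,
    which is sufficient for comparing against a plain x.y.z fixed version.
    """
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when this Requests version predates the fix (requests < 2.32.4)."""
    return parse_version(version) < FIXED_VERSION


def needs_netrc_workaround(version: str, trust_env: bool) -> bool:
    """The workaround matters only on vulnerable versions that still allow
    Requests to read ~/.netrc (trust_env defaults to True on a Session)."""
    return is_vulnerable(version) and trust_env


def hardened_session():
    """Return a requests.Session with the advisory's workaround applied if needed.

    trust_env=False stops Requests from consulting .netrc, but it also stops it
    from honouring proxy and CA-bundle environment variables, so it is applied
    only below the fixed version; upgrading remains the real remedy.
    """
    import requests  # imported lazily so the version helpers work without it

    session = requests.Session()
    if needs_netrc_workaround(requests.__version__, session.trust_env):
        session.trust_env = False
    return session
```

Because trust_env also governs environment proxies and REQUESTS_CA_BUNDLE, check that disabling it does not break outbound connectivity in proxied environments before rolling the workaround out.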
Potential impact of CVE-2024-47081
- Credential Exposure: The primary risk is the potential leakage of .netrc file credentials, which could give attackers access to user identities and private data. This enables unauthorized actions and compromises user trust.
- Increased Attack Surface: The vulnerability creates an opening for attackers to exploit applications that use the affected library, increasing the overall attack surface and risk profile of organizations that rely on these applications.
- Compliance and Regulatory Risks: Organizations handling sensitive user data may face compliance challenges and legal repercussions if exposed credentials lead to data breaches. This adds financial and reputational risk, further escalating the impact of this vulnerability.
Affected Version(s)
requests < 2.32.4
News Articles
oss-sec: Re: CVE-2024-47081: Netrc credential leak in PSF requests library
oss-sec mailing list archives Re: CVE-2024-47081: Netrc credential leak in PSF requests library From: Demi Marie Obenour <demiobenour () gmail com> Date: Tue, 3 Jun 2025 20:53:15 -0400 On 6/3/25...
CVE-2024-47081 Impact, Exploitability, and Mitigation Steps | Wiz
Understand the critical aspects of CVE-2024-47081 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.
oss-sec: CVE-2024-47081: Netrc credential leak in PSF requests library
oss-sec mailing list archives From: Alan Coopersmith <alan.coopersmith () oracle com> Date: Tue, 3 Jun 2025 10:09:52 -0700 [I'm not sure how the attacker is supposed to get the victim to make a...
