PyPI · Requests · CVE-2024-35195
**Name of the Vulnerable Software and Affected Versions**
Requests versions prior to 2.32.0
**Description**
The vulnerability stems from incorrect control flow in the Python Requests library and can allow an attacker to access confidential data. When requests are made through a Requests Session and the first request to a host uses `verify=False` to disable certificate verification, all subsequent requests to the same host continue to skip certificate verification regardless of later changes to the value of `verify`. This behavior persists for the lifetime of the connection in the connection pool.
**Recommendations**
* Upgrade to version 2.32.0 or later.
* For versions prior to 2.32.0, avoid setting `verify=False` for the first request to a host while using a Requests Session.
* For versions prior to 2.32.0, call `close()` on Session objects to clear existing connections if `verify=False` is used.
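
The last recommendation as an added example (not code from this advisory or from the Requests project): a version check against 2.32.0 and a hypothetical `VerifyGuard` wrapper that calls `close()` on the wrapped Session before the first verified request that follows a `verify=False` one. The names `is_affected`, `installed_requests_affected` and `VerifyGuard` are assumptions, and the guard tracks the whole session rather than individual hosts.

```python
import re
from importlib import metadata

FIXED = (2, 32, 0)  # first fixed Requests release named in the advisory


def is_affected(version):
    """True if a Requests version string is older than 2.32.0."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))  # "2.32" compares as (2, 32, 0)
    return tuple(nums) < FIXED


def installed_requests_affected():
    """Check the installed Requests, or return None if it is not installed."""
    try:
        return is_affected(metadata.version("requests"))
    except metadata.PackageNotFoundError:
        return None


class VerifyGuard:
    """Hypothetical wrapper for a Session on Requests < 2.32.0.

    Once a request has gone out with verify=False, the pool may hold an
    unverified connection, so the session is closed before the next
    request that expects certificate verification.
    """

    def __init__(self, session):
        self.session = session
        self.unverified_used = False

    def request(self, method, url, **kwargs):
        verify = kwargs.get("verify")
        if verify is None:  # Requests falls back to the session setting
            verify = self.session.verify
        if verify is False:
            self.unverified_used = True
        elif self.unverified_used:
            self.session.close()  # clears pooled connections
            self.unverified_used = False
        return self.session.request(method, url, **kwargs)


if __name__ == "__main__":
    print("installed Requests affected:", installed_requests_affected())
```

Wrap an existing session with `VerifyGuard(requests.Session())` and send traffic through `guard.request(...)`; upgrading to 2.32.0 or later makes the wrapper unnecessary.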