PT-2025-23665 · Pypi+11 · Requests+11

Published

2024-01-01

·

Updated

2026-04-13

·

CVE-2024-47081

CVSS v2.0

5.4

Medium

VectorAV:N/AC:H/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Python requests library (affected versions not specified)
Description The issue concerns a netrc credential leak in the Python requests library. This library is a simple, yet elegant, HTTP library. It leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Weakness Enumeration

CWE-522

Related Identifiers

ALSA-2025:12519
ALSA-2025:13234
ALSA-2025:13604
ALSA-2025:14750
ALSA-2025:14999
ALSA-2025_12519
ALSA-2025_13234
ALSA-2025_14750
ALSA-2025_14999
ALT-PU-2025-9170
AZL-63747
AZL-63812
BDU:2025-08576
CESA-2025_13234
CESA-2025_14750
CESA-2025_14999
CVE-2024-47081
ECHO-6FD0-2865-91FF
GHSA-9HJG-9R4M-MVJ7
INFSA-2025_12519
INFSA-2025_13234
INFSA-2025_14750
INFSA-2025_14999
OESA-2025-1674
OESA-2025-1710
OESA-2025-1711
OESA-2025-1712
OESA-2025-1825
OESA-2025-1826
OESA-2025-1827
OESA-2025-1828
OESA-2025-1979
OESA-2025-1980
OESA-2025-2173
OESA-2025-2174
OESA-2025-2175
OESA-2025-2287
OPENSUSE-SU-2025:15281-1
OPENSUSE-SU-2026:10539-1
RHSA-2025:12519
RHSA-2025:13234
RHSA-2025:13604
RHSA-2025:14750
RHSA-2025:14999
RHSA-2025:15121
RHSA-2025:15122
RHSA-2025:15614
RHSA-2025:15615
RHSA-2025:15616
RHSA-2025:15617
RHSA-2025:15618
RHSA-2025:15622
RHSA-2025:15691
RHSA-2025:15723
RHSA-2025_12519
RHSA-2025_13234
RHSA-2025_14750
RHSA-2025_14999
SUSE-SU-2025:01997-1
SUSE-SU-2025:01998-1
SUSE-SU-2025:01999-1
SUSE-SU-2025:02205-1
SUSE-SU-2025:02371-1
SUSE-SU-2025:20455-1
SUSE-SU-2025:20531-1
SUSE-SU-2025_01997-1
SUSE-SU-2025_01998-1
SUSE-SU-2025_01999-1
SUSE-SU-2025_02205-1
USN-7568-1
USN-7762-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Requests