All vulnerabilities

CVE-2024-47081

Requests vulnerable to .netrc credentials leak via malicious URLs

Description

Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

Workarounds

For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs).

References

https://github.com/psf/requests/pull/6965 https://seclists.org/fulldisclosure/2025/Jun/2

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Fix without upgrading
Score
5.3
Severity
Medium
Ecosystem
Python
Publish Date
June 9, 2025
Modified Date
February 3, 2026
Score Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Versions