Acknowledged
Created: Jun 2, 2024
Updated: Mar 20, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
CREATE(Triage):(User=admin) CVE-2024-35195 (https://nvd.nist.gov/vuln/detail/CVE-2024-35195)
