|
|
Requests is a HTTP library. Due to a URL parsing issue, Requests
releases prior to 2.32.4 may leak .netrc credentials to third parties
for specific maliciously-crafted URLs. Users should upgrade to version
2.32.4 to receive a fix. For older versions of Requests, use of the
.netrc file can be disabled with `trust_env=False` on one's Requests
Session.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-47081
Upstream patch:
https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
(From OE-Core rev: 37d746033710509ffabc244e0130d20fd81d9673)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
