Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 932327

Summary: <dev-python/requests-2.32.0: Session object does not verify requests after making first request with verify=False
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
Whiteboard: B4 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 932326    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-05-21 04:16:07 UTC 
When making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2024-05-21 12:44:21 UTC 
Cleaned old up.