{"id":"AZL-63747","summary":"CVE-2024-47081 affecting package python-requests for versions less than 2.31.0-3","details":"Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.","modified":"2026-04-01T05:20:12.521480Z","published":"2025-06-09T18:15:24Z","upstream":["CVE-2024-47081"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47081"}],"affected":[{"package":{"name":"python-requests","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/python-requests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.31.0-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-63747.json"}}],"schema_version":"1.7.5"}