IBM COS SDK PYTHON (latest version 2.13.4.) has vulnerability library requests-2.31.0-py3-none-any.whl - Pls upgrade the library

rganeshpsgcs commented 1 month ago

Vulnerability Description

**

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

Recommendations to fix

Upgrade requests to version 2.32.0 or higher

rganeshpsgcs commented 4 weeks ago

Any updates for this issue team?

IBMalok commented 4 weeks ago

@rganeshpsgcs The fix will be delivered this week.

IBMalok commented 3 weeks ago

@rganeshpsgcs - The fix is available in 2.13.5; please verify.

rganeshpsgcs commented 3 weeks ago

@rganeshpsgcs - The fix is available in 2.13.5; please verify.

thank you i will verify and update.

IBMalok commented 3 weeks ago

Closing as the fix provided in 2.13.5. Thanks.

IBM / ibm-cos-sdk-python

IBM COS SDK PYTHON (latest version 2.13.4.) has vulnerability library requests-2.31.0-py3-none-any.whl - Pls upgrade the library #61