IBM COS SDK PYTHON (latest version 2.13.4.) has vulnerability library requests-2.31.0-py3-none-any.whl - Pls upgrade the library

rganeshpsgcs commented 5 months ago

Vulnerability Description

**

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

Recommendations to fix

Upgrade requests to version 2.32.0 or higher

rganeshpsgcs commented 5 months ago

Any updates for this issue team?

IBMalok commented 5 months ago

@rganeshpsgcs The fix will be delivered this week.

IBMalok commented 5 months ago

@rganeshpsgcs - The fix is available in 2.13.5; please verify.

rganeshpsgcs commented 5 months ago

@rganeshpsgcs - The fix is available in 2.13.5; please verify.

thank you i will verify and update.

IBMalok commented 5 months ago

Closing as the fix provided in 2.13.5. Thanks.

IBM / ibm-cos-sdk-python

IBM COS SDK PYTHON (latest version 2.13.4.) has vulnerability library requests-2.31.0-py3-none-any.whl - Pls upgrade the library #61