Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when making requests through a Requests Session. An attacker can bypass certificate verification by making the first request with verify=False, causing all subsequent requests to ignore certificate verification regardless of changes to the verify value.
Introduced through:
requests@2.31.0
Remediation:
upgrade requests to v2.32.0
Completion criteria:
[ ] upgrade requests to v2.32.0 and verify that the Snyk CLI no longer flags requests as a vulnerable package
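A triage aid for the completion criteria, added here as an example and not part of the original ticket or of the requests project: it checks a requirements pin against the fixed release and lists the call sites that pass a literal verify=False, which are the calls that trigger the behaviour described above. The function names, the method-name list and the sample inputs are assumptions made for illustration; the scan does not resolve types, so each hit still needs a check that the receiver is a Session.

```python
import ast
import re

FIXED = (2, 32, 0)  # fixed release named in the remediation above
# Assumption: these are the method names worth flagging on a Session-like object.
HTTP_METHODS = {"request", "get", "post", "put", "patch", "delete", "head", "options"}

# Constructed sample inputs (not taken from any real project).
SAMPLE_REQUIREMENTS = "flask==3.0.0\nrequests==2.31.0\n"
SAMPLE_SOURCE = '''
import requests
s = requests.Session()
s.get("https://internal.example/health", verify=False)
s.get("https://internal.example/data", verify=True)
s.post("https://internal.example/data", json={}, verify=False)
'''

def pinned_requests_affected(requirements_text):
    """True if a 'requests==X.Y[.Z]' pin is older than FIXED, None if there is no pin."""
    pin = re.compile(r"\s*requests(?:\[[^\]]*\])?\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?", re.I)
    for line in requirements_text.splitlines():
        m = pin.match(line)
        if m:
            return tuple(int(p or 0) for p in m.groups()) < FIXED
    return None

def find_verify_false_calls(source):
    """Return sorted (line, callee) pairs for method calls passing a literal verify=False."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in HTTP_METHODS:
            continue
        for kw in node.keywords:
            if (kw.arg == "verify" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is False):
                hits.append((node.lineno, ast.unparse(node.func)))
    return sorted(hits)

if __name__ == "__main__":
    print("pinned version affected:", pinned_requests_affected(SAMPLE_REQUIREMENTS))
    for lineno, callee in find_verify_false_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: {callee}(..., verify=False)")
```

Only exact == pins and literal False values are recognised; range specifiers and verify values passed through a variable need a manual look.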