Summary

A reachable construct was identified in requests==2.24.0 through my static analysis database. This version has been flagged as vulnerable in PyPI's open-source vulnerability database. The analysis uncovered 1 call chain leading to this construct. Below is one example to illustrate the potential vulnerability:

Call Chain Analysis

.lib.api.user_info
-> .lib.api.get_page
-> requests.sessions.Session.get
-> requests.sessions.Session.request
-> requests.sessions.Session.send
-> requests.sessions.SessionRedirectMixin.resolve_redirects
-> requests.sessions.SessionRedirectMixin.rebuild_proxies

Patch and Code Changes

We suspect that this construct may be vulnerable because it was modified in a [security-related patch]. This suggests that the original code might have contained a flaw, and it may still be risky to use the affected version (requests==2.24.0) without further investigation.

Note:

This issue was identified through a static analysis of the project at commit [4debaa28229517e11b5a21bee2fc632e2b1f1769].