ALPINE-CVE-2024-47081

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2024-47081
Published: 09 Jun 2025, 18:15
Last modified:03 Dec 2025, 23:07

Vulnerability Summary

Overall Risk (default)
low
21/100
CVSS Score
5.3 MEDIUM
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Jun 2025, 18:15
Published
Vulnerability first disclosed
03 Dec 2025, 23:07
Last Modified
Vulnerability information updated

Description

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

CVSS Metrics

  • v3.1MEDIUMScore: 5.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Systems

  • alpinepy3-requests

    < 2.32.4-r0 | < 2.32.4-r0 | < 2.32.4-r0 | < 2.32.4-r0 | < 2.32.4-r0

References (1)