{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-requests", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue. \n            Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-522: Insufficiently Protected Credentials vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and enforced through least privilege, ensuring only authorized users can execute or modify code. This secure access mechanism also protects credentials in transit, preventing interception or misuse. Domain accounts follow predefined lockout policies to detect repeated failed login attempts and reduce the risk of credential compromise. The platform further enforces identity verification through IAM roles, restricting infrastructure management to authorized personnel.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T17:57:00Z", "x_subShortName": "redhat_6"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-requests", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-gcp", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana-scaleout", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "sap-cluster-connector", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue. \n            \n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2024-47081."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T17:57:00Z", "x_subShortName": "redhat_7"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-requests", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-requests", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "platform-python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.20.0-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-gcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "resource-agents-paf", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:13234"}, {"url": "https://access.redhat.com/errata/RHSA-2025:14750"}, {"url": "https://access.redhat.com/errata/RHSA-2025:14999"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue. \n            \n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, {"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2024-47081."}, {"lang": "en", "value": "The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}, {"lang": "en", "value": "The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.\n\nSecurity Fix(es):\n\n* requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T17:57:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "fence-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-all", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aws", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-common", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-compute", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eps", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-gce", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-wti", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-cpg", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-libvirt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-multicast", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-serial", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-tcp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ha-cloud-support", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-requests+security", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-requests+socks", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:12519"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue. \n            \n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, {"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2024-47081."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-09T17:57:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.18.4-2ubuntu0.1+esm2", "versionType": "custom"}], "platforms": ["bionic"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.18.4-2ubuntu0.1+esm2", "versionType": "custom"}], "platforms": ["bionic"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.22.0-2ubuntu1.1+esm1", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:22.0.2+dfsg-1ubuntu0.7", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip-whl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:22.0.2+dfsg-1ubuntu0.7", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1+dfsg-2ubuntu0.3", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:24.0+dfsg-1ubuntu1.3", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip-whl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:24.0+dfsg-1ubuntu1.3", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.31.0+dfsg-1ubuntu1.1", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.2.1-1ubuntu0.4+esm1", "versionType": "custom"}], "platforms": ["trusty"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python-requests-whl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.2.1-1ubuntu0.4+esm1", "versionType": "custom"}], "platforms": ["trusty"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.2.1-1ubuntu0.4+esm1", "versionType": "custom"}], "platforms": ["trusty"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.9.1-3ubuntu0.1+esm2", "versionType": "custom"}], "platforms": ["xenial"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.9.1-3ubuntu0.1+esm2", "versionType": "custom"}], "platforms": ["xenial"], "defaultStatus": "unaffected"}], "references": [{"url": "https://ubuntu.com/security/CVE-2024-47081"}, {"url": "https://ubuntu.com/security/notices/USN-7568-1"}, {"url": "https://ubuntu.com/security/notices/USN-7762-1"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "Requests is a HTTP library. Due to a URL parsing issue, Requests releasesprior to 2.32.4 may leak .netrc credentials to third parties for specificmaliciously-crafted URLs. Users should upgrade to version 2.32.4 to receivea fix. For older versions of Requests, use of the .netrc file can bedisabled with `trust_env=False` on one's Requests Session."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-06-09T18:15:00Z", "x_subShortName": "canonical"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "requests", "platforms": ["bookworm", "bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python-requests-doc", "versions": [{"status": "affected", "version": "0", "lessThan": "2.32.4+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "2.32.4+dfsg-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python-requests-doc", "versions": [{"status": "affected", "version": "0", "lessThan": "2.32.3+dfsg-5+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "2.32.3+dfsg-5+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2025-06-09T17:57:47.731Z", "x_subShortName": "debian"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.el10_0", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47081", "name": "CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-08-11T00:00:00Z", "x_subShortName": "alma_10"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "fence-agents-zvm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.20.0-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "resource-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "resource-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "resource-agents-gcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "resource-agents-paf", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47081", "name": "CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}, {"lang": "en", "value": "The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.   \n\nSecurity Fix(es):  \n\n  * requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}, {"lang": "en", "value": "The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.  \n\nSecurity Fix(es):  \n\n  * requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-08-06T00:00:00Z", "x_subShortName": "alma_8"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3-requests+security", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "python3-requests+socks", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-47081", "name": "CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.  \n\nSecurity Fix(es):  \n\n  * requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-08-04T00:00:00Z", "x_subShortName": "alma_9"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"unspecified\"}"}}}], "affected": [{"vendor": "fedora", "product": "mingw-python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.fc41", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:41"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "pypy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:7.3.20-2.fc41", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:41"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.fc41", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:41"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "mingw-python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "pypy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:7.3.20-2.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "pypy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:7.3.20-2.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-47916db6c7"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-5ea2b69c03"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-87207b946a"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-9285942ac9"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-9b8da6ad7e"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-a37bf9ddbd"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d8f9b425fa"}], "descriptions": [{"lang": "en", "value": "mingw-python-requests: Requests vulnerable to .netrc credentials leak via malicious URLs"}, {"lang": "en", "value": "pypy: Requests vulnerable to .netrc credentials leak via malicious URLs"}, {"lang": "en", "value": "python-requests: Requests vulnerable to .netrc credentials leak via malicious URLs"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-07-11T00:17:43Z", "x_subShortName": "fedora"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"MODERATE\"}"}}}], "affected": [{"vendor": "oraclelinux", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.el10_0", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.20.0-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "resource-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3-requests+security", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "python3-requests+socks", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://linux.oracle.com/cve/CVE-2024-47081.html"}], "descriptions": [{"lang": "en", "value": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000006", "shortName": "oraclelinux", "dateUpdated": "2025-08-03T00:00:00Z", "x_subShortName": "oraclelinux"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.el10_0", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.el10_0", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jun/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/03/11"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/03/9"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/04/1"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/04/6"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-47081"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371272"}, {"url": "https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"}, {"url": "https://github.com/psf/requests/pull/6965"}, {"url": "https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47081"}, {"url": "https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env"}, {"url": "https://seclists.org/fulldisclosure/2025/Jun/2"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-01-01T00:00:00Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "rocky", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.el10_0", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-1.el10_0", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aliyun-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-all", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-amt-ws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-apc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-apc-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-aws", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-azure-arm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-azure-arm-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-bladecenter", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-brocade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-cisco-mds", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-cisco-ucs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-compute", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-drac5", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-eaton-snmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-emerson", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-eps", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-gce", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-heuristics-ping", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-hpblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibm-powervs", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibm-vpc", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ibmblade", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ifmib", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-moonshot", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-mp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo-ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ilo2", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-intelmodular", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ipdu", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-ipmilan", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kdump", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kdump-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kubevirt", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-kubevirt-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-lpar", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-mpath", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-openstack", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-redfish", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rhevm", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rsa", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-rsb", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-sbd", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-scsi", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-virsh", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-vmware-rest", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-vmware-soap", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "fence-agents-wti", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.2.1-129.el8_10.14", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.20.0-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.20.0-6.el8_10", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-aliyun", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-aliyun-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-gcp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "resource-agents-paf", "versions": [{"status": "affected", "version": "0", "lessThan": "0:4.9.0-54.el8_10.16", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-requests+security", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "python3-requests+socks", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-10.el9_6", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371272"}], "descriptions": [{"lang": "en", "value": "requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000004", "shortName": "rocky", "dateUpdated": "2025-09-08T14:19:01Z", "x_subShortName": "rocky"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python311-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.31.0-150400.6.18.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-public-cloud:15:sp4", "cpe:/o:suse:sle-module-python3:15:sp6", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp4", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7", "cpe:/o:suse:sles_teradata:15:sp4", "cpe:/o:suse:suse-manager-proxy:4.3", "cpe:/o:suse:suse-manager-retail-branch-server:4.3"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-150300.3.15.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244039"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081", "name": "Mitre CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001863.html", "name": "RHSA-2025:12519"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001880.html", "name": "RHSA-2025:13234"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001952.html", "name": "RHSA-2025:14750"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-September/001978.html", "name": "RHSA-2025:14999"}, {"url": "https://www.suse.com/security/cve/CVE-2024-47081", "name": "SUSE CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040363.html", "name": "SUSE-SU-2025:01997-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040362.html", "name": "SUSE-SU-2025:01998-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040361.html", "name": "SUSE-SU-2025:01999-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040591.html", "name": "SUSE-SU-2025:02205-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040779.html", "name": "SUSE-SU-2025:02371-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040618.html", "name": "SUSE-SU-2025:20455-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041123.html", "name": "SUSE-SU-2025:20531-1"}], "descriptions": [{"lang": "en", "value": "\n    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-06-25T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.25.1-150300.3.15.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python311-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.31.0-150400.6.18.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-python3:15:sp6", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244039"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081", "name": "Mitre CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001863.html", "name": "RHSA-2025:12519"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001880.html", "name": "RHSA-2025:13234"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001952.html", "name": "RHSA-2025:14750"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-September/001978.html", "name": "RHSA-2025:14999"}, {"url": "https://www.suse.com/security/cve/CVE-2024-47081", "name": "SUSE CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040363.html", "name": "SUSE-SU-2025:01997-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040362.html", "name": "SUSE-SU-2025:01998-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040361.html", "name": "SUSE-SU-2025:01999-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040591.html", "name": "SUSE-SU-2025:02205-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040779.html", "name": "SUSE-SU-2025:02371-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040618.html", "name": "SUSE-SU-2025:20455-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041123.html", "name": "SUSE-SU-2025:20531-1"}], "descriptions": [{"lang": "en", "value": "\n    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-06-26T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python313-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.32.4-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244039"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081", "name": "Mitre CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001863.html", "name": "RHSA-2025:12519"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001880.html", "name": "RHSA-2025:13234"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001952.html", "name": "RHSA-2025:14750"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-September/001978.html", "name": "RHSA-2025:14999"}, {"url": "https://www.suse.com/security/cve/CVE-2024-47081", "name": "SUSE CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040363.html", "name": "SUSE-SU-2025:01997-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040362.html", "name": "SUSE-SU-2025:01998-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040361.html", "name": "SUSE-SU-2025:01999-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040591.html", "name": "SUSE-SU-2025:02205-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040779.html", "name": "SUSE-SU-2025:02371-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040618.html", "name": "SUSE-SU-2025:20455-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041123.html", "name": "SUSE-SU-2025:20531-1"}], "descriptions": [{"lang": "en", "value": "\n    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-11-14T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "amazon", "product": "aws-cfn-bootstrap", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0-37.amzn2023", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "2.25.1-1.amzn2023.0.6", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-requests+security", "versions": [{"status": "affected", "version": "0", "lessThan": "2.25.1-1.amzn2023.0.6", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-requests+socks", "versions": [{"status": "affected", "version": "0", "lessThan": "2.25.1-1.amzn2023.0.6", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.11-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "22.3.1-2.amzn2023.0.7", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.11-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "22.3.1-2.amzn2023.0.7", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.12-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "23.2.1-4.amzn2023.0.3", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.12-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "23.2.1-4.amzn2023.0.3", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-07-03T20:38:00Z", "x_subShortName": "alas_2023"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "amazon", "product": "aws-cfn-bootstrap", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0-38.amzn2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.11", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "2.6.0-10.amzn2.0.7", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python2-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.11", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.11", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-requests", "versions": [{"status": "affected", "version": "0", "lessThan": "2.14.2-2.amzn2.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081"}], "descriptions": [{"lang": "en", "value": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-06-18T23:14:00Z", "x_subShortName": "alas_2"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"MODERATE\"}"}}}], "affected": [{"vendor": "pypi", "product": "requests", "versions": [{"status": "affected", "version": "0", "lessThan": "2.32.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jun/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/03/11"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/03/9"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/04/1"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/04/6"}, {"url": "https://github.com/psf/requests"}, {"url": "https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"}, {"url": "https://github.com/psf/requests/pull/6965"}, {"url": "https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47081"}, {"url": "https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env"}, {"url": "https://seclists.org/fulldisclosure/2025/Jun/2"}], "descriptions": [{"lang": "en", "value": "### Impact\n\nDue to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.\n\n### Workarounds\nFor older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)).\n\n### References\nhttps://github.com/psf/requests/pull/6965\nhttps://seclists.org/fulldisclosure/2025/Jun/2"}, {"lang": "en", "value": "Requests vulnerable to .netrc credentials leak via malicious URLs"}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "pypi", "dateUpdated": "2025-06-09T19:06:08Z", "x_subShortName": "pypi"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244039"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47081", "name": "Mitre CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001863.html", "name": "RHSA-2025:12519"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001880.html", "name": "RHSA-2025:13234"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-August/001952.html", "name": "RHSA-2025:14750"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-September/001978.html", "name": "RHSA-2025:14999"}, {"url": "https://www.suse.com/security/cve/CVE-2024-47081", "name": "SUSE CVE-2024-47081"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040363.html", "name": "SUSE-SU-2025:01997-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040362.html", "name": "SUSE-SU-2025:01998-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040361.html", "name": "SUSE-SU-2025:01999-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040591.html", "name": "SUSE-SU-2025:02205-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040779.html", "name": "SUSE-SU-2025:02371-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040618.html", "name": "SUSE-SU-2025:20455-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041123.html", "name": "SUSE-SU-2025:20531-1"}], "descriptions": [{"lang": "en", "value": "\n    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-06-19T00:00:00Z", "x_subShortName": "suse_server_12"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jun/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/03/11"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/03/9"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/04/1"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/04/6"}, {"url": "https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"}, {"url": "https://github.com/psf/requests/pull/6965"}, {"url": "https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7"}, {"url": "https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env"}, {"url": "https://seclists.org/fulldisclosure/2025/Jun/2"}], "descriptions": [{"lang": "en", "value": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session."}, {"lang": "es", "value": "Requests es una librería HTTP. Debido a un problema de análisis de URL, las versiones de Requests anteriores a la 2.32.4 pueden filtrar credenciales .netrc a terceros para URL específicas manipuladas con fines maliciosos. Los usuarios deben actualizar a la versión 2.32.4 para obtener una solución. En versiones anteriores de Requests, el uso del archivo .netrc se puede desactivar con `trust_env=False` en la sesión de Requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-522", "description": "CWE-522"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "DISCARDED_CNA", "dateUpdated": "2025-06-09T18:15:24Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2024-47081", "state": "PUBLISHED", "dateUpdated": "2025-06-12T16:06:47Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-09T18:15:24Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.0"}