🟡 [SCA] GHSA-9hjg-9r4m-mvj7 (1 occurrence)

## 🔐 Security Vulnerabilities Detected by CybeDefend

**1** occurrence(s) of **GHSA-9hjg-9r4m-mvj7** detected.

**Highest Severity**: 🟡 MEDIUM

### Description

### Impact

Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs.

### Workarounds
For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)).

### References
https://github.com/psf/requests/pull/6965
https://seclists.org/fulldisclosure/2025/Jun/2

### Affected Locations

#### `requests@>=0.0.0`
- Unknown line - 🟡 MEDIUM - [View](https://app.cybedefend.com/project/b8f603a6-f7a8-4b8c-b278-fded3ef74dde/vulnerability/sca/b5b8cb04-4280-45b0-a95f-fd99d905871f)

---
*This issue was automatically created by [CybeDefend](https://cybedefend.com)*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🟡 [SCA] GHSA-9hjg-9r4m-mvj7 (1 occurrence) #423

🔐 Security Vulnerabilities Detected by CybeDefend

Description

Impact

Workarounds

References

Affected Locations

`requests@>=0.0.0`

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

🟡 [SCA] GHSA-9hjg-9r4m-mvj7 (1 occurrence) #423

Description

🔐 Security Vulnerabilities Detected by CybeDefend

Description

Impact

Workarounds

References

Affected Locations

requests@>=0.0.0

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

`requests@>=0.0.0`