{ "advisoryKey": "OSV-2025-PyPI-0001", "affectedPackages": [ { "type": "semver", "identifier": "pkg:pypi/requests", "platform": "PyPI", "versionRanges": [ { "fixedVersion": "2.0.0", "introducedVersion": "0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": false, "nevra": null, "semVer": { "constraintExpression": null, "exactValue": null, "fixed": "2.0.0", "fixedInclusive": false, "introduced": "0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": true, "style": "range" }, "vendorExtensions": null }, "provenance": { "source": "osv", "kind": "range", "value": "pkg:pypi/requests", "decisionReason": null, "recordedAt": "2025-01-08T06:30:00+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": null, "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "0", "minInclusive": true, "max": "2.0.0", "maxInclusive": false, "value": null, "notes": "osv:PyPI:OSV-2025-PyPI-0001:pkg:pypi/requests" } ], "statuses": [], "provenance": [ { "source": "osv", "kind": "affected", "value": "pkg:pypi/requests", "decisionReason": null, "recordedAt": "2025-01-08T06:30:00+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "CVE-2025-114", "GHSA-4abc-4def-4ghi", "OSV-2025-PyPI-0001", "OSV-RELATED-PyPI-42" ], "canonicalMetricId": "3.1|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "credits": [], "cvssMetrics": [ { "baseScore": 9.8, "baseSeverity": "critical", "provenance": { "source": "osv", "kind": "cvss", "value": "CVSS_V3", "decisionReason": null, "recordedAt": "2025-01-08T06:30:00+00:00", "fieldMask": [] }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "cwes": [], "description": "Detailed description for PyPI package requests.", "exploitKnown": false, "language": "en", "modified": "2025-01-08T06:30:00+00:00", "provenance": [ { "source": "osv", "kind": "document", "value": "https://osv.dev/vulnerability/OSV-2025-PyPI-0001", "decisionReason": null, "recordedAt": "2025-01-08T07:00:00+00:00", "fieldMask": [ "advisory" ] }, { "source": "osv", "kind": "mapping", "value": "OSV-2025-PyPI-0001", "decisionReason": null, "recordedAt": "2025-01-08T06:30:00+00:00", "fieldMask": [ "advisory" ] } ], "published": "2025-01-05T12:00:00+00:00", "references": [ { "kind": "advisory", "provenance": { "source": "osv", "kind": "reference", "value": "https://example.com/PyPI/advisory", "decisionReason": null, "recordedAt": "2025-01-08T06:30:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "ADVISORY", "summary": null, "url": "https://example.com/PyPI/advisory" }, { "kind": "patch", "provenance": { "source": "osv", "kind": "reference", "value": "https://example.com/PyPI/fix", "decisionReason": null, "recordedAt": "2025-01-08T06:30:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "FIX", "summary": null, "url": "https://example.com/PyPI/fix" } ], "severity": "critical", "summary": "Detailed description for PyPI package requests.", "title": "PyPI package vulnerability" }