
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-35195 affects the Requests HTTP library prior to version 2.32.0. When making requests through a Requests Session, if the first request to a host is made with verify=False to disable certificate verification, all subsequent requests to the same host continue to ignore certificate verification regardless of later changes to the value of verify. This behavior persists for the lifecycle of the connection in the connection pool (GitHub Advisory).
The vulnerability stems from an incorrect control flow implementation in the connection pool management. A Session reuses pooled keep-alive connections per host, and the TLS settings of a connection are fixed when it is opened: once the first request to a host has created a connection with verification disabled, later requests to that host that ask for verify=True are served over the same unverified connection, so the changed verify value is never applied. The issue has been assigned a CVSS v3.1 base score of 5.6 (Medium) with vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N (GitHub Advisory).
The vulnerability could lead to an unintended certificate verification bypass, exposing applications to man-in-the-middle attacks when subsequent requests are expected to verify TLS certificates but do not. This affects the confidentiality and integrity of the data transmitted over those connections (GitHub Advisory). Applications that never pass verify=False on a Session are not affected; the risk is concentrated in code that disables verification for one call to a host (for example a test or bootstrap request) and then relies on verification for later requests to the same host from the same Session.
The vulnerability has been fixed in Requests version 2.32.0. For earlier versions, there are three mitigation options: 1) Upgrade to requests>=2.32.0; 2) Avoid setting verify=False for the first request to a host while using a Requests Session; or 3) Call close() on the Session object after a verify=False request, which discards the pooled connections so the next request opens a new connection with the then-current verify setting (GitHub Advisory).
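The following Python block is added here as an illustration and is not code from the Requests project or from the advisory. It models the pooling behaviour described above with stdlib only: a pool keyed on host alone (the pre-2.32.0 behaviour, where the first connection's verification setting sticks), a pool keyed on host plus TLS settings (the shape of the 2.32.0 fix), and a wrapper that applies mitigation 3, calling close() before re-enabling verification on a vulnerable version. The pool classes, the VerifyGuardedSession wrapper, the host name and the version strings are constructed for the example; a real reproduction needs a live HTTPS host and an installed Requests below 2.32.0.

```python
"""Constructed model of the CVE-2024-35195 behaviour (not requests/urllib3 code).

A pre-2.32.0 Session keeps one pooled connection per host and a connection's
TLS settings are fixed when it is opened, so a first request with verify=False
leaves later verify=True requests to that host unverified.  The fixed pool keys
connections by host *and* verification setting; VerifyGuardedSession models the
close() mitigation from the advisory.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Tuple


def is_vulnerable_version(version: str) -> bool:
    """Return True for Requests versions below 2.32.0, the first fixed release."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x or 0) for x in m.groups())
    return (major, minor, patch) < (2, 32, 0)


@dataclass
class PooledConnection:
    """A keep-alive connection; 'verify' is frozen at open time, like a real TLS handshake."""
    host: str
    verify: bool
    uses: int = 0


@dataclass
class HostKeyedPool:
    """Vulnerable model: the pool key is the host only, so the TLS settings of the
    first connection are reused for every later request to that host."""
    conns: Dict[str, PooledConnection] = field(default_factory=dict)

    def request(self, host: str, verify: bool = True) -> Tuple[bool, bool]:
        """Return (certificate_was_verified, connection_was_reused)."""
        conn = self.conns.get(host)
        reused = conn is not None
        if conn is None:
            conn = self.conns[host] = PooledConnection(host, verify)
        conn.uses += 1
        return conn.verify, reused  # what actually happened on the wire

    def close(self) -> None:
        """Drop pooled connections; the next request opens a fresh one (mitigation 3)."""
        self.conns.clear()


@dataclass
class TLSKeyedPool:
    """Fixed model: the pool key includes the verification setting, so a verify=True
    request never lands on a connection that was opened with verify=False."""
    conns: Dict[Tuple[str, bool], PooledConnection] = field(default_factory=dict)

    def request(self, host: str, verify: bool = True) -> Tuple[bool, bool]:
        key = (host, verify)
        conn = self.conns.get(key)
        reused = conn is not None
        if conn is None:
            conn = self.conns[key] = PooledConnection(host, verify)
        conn.uses += 1
        return conn.verify, reused

    def close(self) -> None:
        self.conns.clear()


class VerifyGuardedSession:
    """Mitigation 3 modelled: on a vulnerable version, clear the pool before a
    verify=True request that follows a verify=False request to the same host."""

    def __init__(self, pool, requests_version: str):
        self.pool = pool
        self.vulnerable = is_vulnerable_version(requests_version)
        self._last_verify: Dict[str, bool] = {}

    def request(self, host: str, verify: bool = True) -> Tuple[bool, bool]:
        if self.vulnerable and verify and self._last_verify.get(host) is False:
            self.pool.close()
        self._last_verify[host] = verify
        return self.pool.request(host, verify)


def demo(host: str = "api.example.invalid") -> Dict[str, Dict[str, bool]]:
    """Run verify=False then verify=True against each model; report the second request."""
    vulnerable = HostKeyedPool()
    vulnerable.request(host, verify=False)
    vuln_verified, vuln_reused = vulnerable.request(host, verify=True)

    fixed = TLSKeyedPool()
    fixed.request(host, verify=False)
    fixed_verified, fixed_reused = fixed.request(host, verify=True)

    guarded = VerifyGuardedSession(HostKeyedPool(), "2.31.0")  # constructed version
    guarded.request(host, verify=False)
    guarded_verified, guarded_reused = guarded.request(host, verify=True)

    return {
        "vulnerable": {"verified": vuln_verified, "reused": vuln_reused},
        "fixed": {"verified": fixed_verified, "reused": fixed_reused},
        "mitigated": {"verified": guarded_verified, "reused": guarded_reused},
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} second request verified={outcome['verified']} reused={outcome['reused']}")
```

In the vulnerable model the second request is reused and unverified, which is exactly the condition the advisory describes; in the fixed and mitigated models it opens a fresh, verified connection. With the real library the equivalent of the guard is to call session.close() after any verify=False request, or simply to upgrade so that the pool is keyed on TLS settings.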
Source: This report was generated using AI