cve 2024 35195

About this tag
CVE-2024-35195 is a vulnerability in the Python Requests library that affects Azure Linux, as attested by Microsoft in its CSAF/VEX outputs. The tag covers discussions about the scope of this CVE, clarifying that while Azure Linux is the only Microsoft product publicly confirmed to include the vulnerable library, other Microsoft products may also ship the same component. Topics include vulnerability assessment, SBOM, and the limitations of vendor attestations. This tag is relevant for IT professionals and security researchers tracking Microsoft's response to open-source library vulnerabilities.
  1. CVE-2024-35195: Azure Linux Attestation and Microsoft Product Scope

    The short answer is: No — Azure Linux is not necessarily the only Microsoft product that could include the vulnerable Requests library; it is, however, the only Microsoft product Microsoft has publicly attested (via its CSAF/VEX outputs) as including the implicated Python Requests package for...