CVE-2021-29476

CRITICAL EXPLOITED

Requests 1.6.0-1.7.0 - Deserialization of Untrusted Data in FilteredIterator

Title source: llm

Exploitation Summary

CVE-2021-29476 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.

References (2)

Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/rmccue/Requests/pull/421

Scores

CVSS v3 9.8
EPSS 0.0222
EPSS Percentile 84.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-08-14
CWE CWE-502
Status published
Products (4)
rmccue/requests 1.6.0 - 1.8.0 Packagist
wordpress/requests 1.6.0
wordpress/requests 1.6.1
wordpress/requests 1.7.0
Published Apr 27, 2021
Tracked Since Feb 18, 2026