diff --git a/python/ql/src/Security/CWE-918/examples/ServerSideRequestForgery_full.py b/python/ql/src/Security/CWE-918/examples/ServerSideRequestForgery_full.py
index 4772f3eaea4..02724582182 100644
--- a/python/ql/src/Security/CWE-918/examples/ServerSideRequestForgery_full.py
+++ b/python/ql/src/Security/CWE-918/examples/ServerSideRequestForgery_full.py
@@ -8,8 +8,8 @@ def full_ssrf():
 target = request.args["target"]
 # BAD: user has full control of URL
- resp = request.get("https://" + target + ".example.com/data/")
+ resp = requests.get("https://" + target + ".example.com/data/")
 # GOOD: `subdomain` is controlled by the server.
 subdomain = "europe" if target == "EU" else "world"
- resp = request.get("https://" + subdomain + ".example.com/data/")
+ resp = requests.get("https://" + subdomain + ".example.com/data/")
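Review bot: The `# BAD` comment above the first `requests.get` call says the user has full control of the URL but not why, so a reader may assume the fixed `https://` prefix and `.example.com/data/` suffix pin the host. They do not, because `target` is placed in the host position and may itself contain URL delimiters; I would reword it to `# BAD: user input is placed in the host position, so the fixed suffix does not restrict the destination`. Both `requests.get` calls also omit `timeout=`, and since the GOOD call is the one readers copy, an explicit value such as `timeout=10` (illustrative) would be worth showing there. `full_ssrf` begins above the hunk, so whether `import requests` is present for the corrected name cannot be confirmed from here.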