Search CVE reports
1 – 10 of 24 results
CVE-2024-6345
Medium prioritySome fixes available 11 of 12
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Not affected | Not affected | Fixed | Fixed | Fixed |
| python-setuptools | Not in release | Fixed | Fixed | Fixed | Fixed |
| setuptools | Fixed | Fixed | Fixed | — | — |
CVE-2024-39689
Negligible priorityCertifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root...
2 affected packages
python-certifi, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-certifi | Ignored | Ignored | Ignored | Ignored | Ignored |
| python-pip | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2024-37891
Low priorityurllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-urllib3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-35195
Medium priorityRequests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue...
2 affected packages
python-pip, requests
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| requests | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2024-3651
Medium prioritySome fixes available 6 of 13
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic...
2 affected packages
python-idna, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-idna | Fixed | Fixed | Fixed | Fixed | Fixed |
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-5752
Medium priorityWhen installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config")....
1 affected packages
python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-45803
Medium prioritySome fixes available 12 of 15
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2018-25091
Medium prioritySome fixes available 8 of 11
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2023-43804
Medium prioritySome fixes available 12 of 15
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-37920
Negligible priorityCertifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates....
2 affected packages
python-certifi, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-certifi | — | Ignored | Ignored | Ignored | Ignored |
| python-pip | — | Ignored | Ignored | Ignored | Ignored |