Search CVE reports
11 – 20 of 31 results
Some fixes available 3 of 20
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue...
2 affected packages
requests, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| requests | Ignored | Ignored | Ignored | Ignored |
| python-pip | Vulnerable | Vulnerable | Ignored | Ignored |
Some fixes available 11 of 13
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic...
2 affected packages
python-idna, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-idna | Fixed | Fixed | Fixed | Fixed |
| python-pip | Fixed | Fixed | Fixed | Fixed |
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie...
1 affected package
python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Not affected | Not affected | Not affected | Not affected |
Some fixes available 13 of 16
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 7
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Not affected | Not affected | Not affected | Fixed |
| python-pip | Not affected | Not affected | Not affected | Fixed |
Some fixes available 12 of 15
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Not affected | Fixed | Fixed | Fixed |
| python-pip | Not affected | Fixed | Fixed | Fixed |
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates....
2 affected packages
python-certifi, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-certifi | — | Ignored | Ignored | Ignored |
| python-pip | — | Ignored | Ignored | Ignored |
Some fixes available 13 of 15
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the...
2 affected packages
python-pip, requests
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Not affected | Fixed | Fixed | Not affected |
| requests | Fixed | Fixed | Fixed | Fixed |
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
2 affected packages
python-pip, wheel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | — | Fixed | Fixed | Fixed |
| wheel | — | Fixed | Fixed | Fixed |
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | — | Fixed | Fixed | Fixed |
| python-setuptools | — | Fixed | Fixed | Fixed |
| setuptools | — | Fixed | Fixed | Not in release |