Search CVE reports


1 – 10 of 24 results


CVE-2024-6345

Medium priority
Fixed

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or...

3 affected packages

python-pip, python-setuptools, setuptools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Not affected Fixed Fixed Fixed
python-setuptools Not in release Fixed Fixed Fixed Fixed
setuptools Fixed Fixed Fixed

CVE-2024-39689

Negligible priority
Ignored

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root...

2 affected packages

python-certifi, python-pip

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-certifi | Ignored | Ignored | Ignored | Ignored | Ignored |
| python-pip | Ignored | Ignored | Ignored | Ignored | Ignored |

CVE-2024-37891

Low priority

Some fixes available 12 of 16

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP...

2 affected packages

python-pip, python-urllib3

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-pip | Fixed | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Fixed | Fixed | Fixed | Fixed | Fixed |

CVE-2024-35195

Medium priority

Some fixes available 1 of 16

Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue...

2 affected packages

python-pip, requests

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-pip | Vulnerable | Vulnerable | Ignored | Ignored | Ignored |
| requests | Ignored | Ignored | Ignored | Ignored | Ignored |

CVE-2024-3651

Medium priority

Some fixes available 6 of 14

A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic...

2 affected packages

python-idna, python-pip

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-idna | Fixed | Fixed | Fixed | Fixed | Fixed |
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-5752

Medium priority
Needs evaluation

When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config")....

1 affected package

python-pip

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-45803

Medium priority

Some fixes available 12 of 16

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one...

2 affected packages

python-pip, python-urllib3

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-pip | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2018-25091

Medium priority

Some fixes available 8 of 12

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be...

2 affected packages

python-pip, python-urllib3

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-pip | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Not affected | Not affected | Fixed | Fixed |

CVE-2023-43804

Medium priority

Some fixes available 12 of 16

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it...

2 affected packages

python-pip, python-urllib3

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| python-pip | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2023-37920

Negligible priority
Ignored

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates....

2 affected packages

python-certifi, python-pip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-certifi Ignored Ignored Ignored Ignored
python-pip Ignored Ignored Ignored Ignored