Search CVE reports


Toggle filters

11 – 20 of 24 results


CVE-2023-32681

Medium priority

Some fixes available 10 of 17

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the...

2 affected packages

python-pip, requests

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Vulnerable Fixed Needs evaluation Needs evaluation
requests Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-40898

Medium priority
Fixed

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

2 affected packages

python-pip, wheel

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Fixed Fixed Fixed Fixed
wheel Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-40897

Medium priority
Fixed

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in...

3 affected packages

python-pip, python-setuptools, setuptools

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Fixed Fixed Fixed Fixed
python-setuptools Fixed Fixed Fixed Fixed
setuptools Fixed Fixed Not in release Not in release
Show less packages

CVE-2021-3572

Low priority

Some fixes available 3 of 5

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability...

1 affected package

python-pip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Not affected Fixed Fixed
Show less packages

CVE-2021-33503

Low priority

Some fixes available 2 of 6

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service...

2 affected packages

python-pip, python-urllib3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Fixed Not affected Not affected
python-urllib3 Not affected Fixed Not affected Not affected
Show less packages

CVE-2021-28363

Medium priority
Not affected

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't...

2 affected packages

python-pip, python-urllib3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Not affected Not affected
python-urllib3 Not affected Not affected Not affected
Show less packages

CVE-2020-26137

Medium priority

Some fixes available 6 of 8

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

2 affected packages

python-pip, python-urllib3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Not affected Fixed Fixed Fixed
python-urllib3 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-20916

Medium priority

Some fixes available 1 of 3

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting...

1 affected package

python-pip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Not affected Not affected Fixed Vulnerable
Show less packages

CVE-2018-20225

Negligible priority
Ignored

** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of...

1 affected package

python-pip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Ignored Ignored Ignored
Show less packages

CVE-2013-5123

Medium priority
Ignored

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

1 affected package

python-pip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pip Not affected Not affected
Show less packages