11 – 20 of 24 results
CVE-2023-32681
Medium priority. Some fixes available (10 of 17).
Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the...
2 affected packages
python-pip, requests
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | Not affected | Vulnerable | Fixed | Needs evaluation | Needs evaluation |
requests | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2022-40898
Medium priority. An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI.
2 affected packages
python-pip, wheel
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | — | Fixed | Fixed | Fixed | Fixed |
wheel | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-40897
Medium priority. Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in...
3 affected packages
python-pip, python-setuptools, setuptools
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | — | Fixed | Fixed | Fixed | Fixed |
python-setuptools | — | Fixed | Fixed | Fixed | Fixed |
setuptools | — | Fixed | Fixed | Not in release | Not in release |
CVE-2021-3572
Low priority. Some fixes available (3 of 5).
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability...
1 affected package
python-pip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | — | Not affected | Not affected | Fixed | Fixed |
CVE-2021-33503
Low priority. Some fixes available (2 of 6).
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service...
2 affected packages
python-pip, python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | — | Not affected | Fixed | Not affected | Not affected |
python-urllib3 | — | Not affected | Fixed | Not affected | Not affected |
CVE-2021-28363
Medium priority. The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't...
2 affected packages
python-pip, python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | — | — | Not affected | Not affected | Not affected |
python-urllib3 | — | — | Not affected | Not affected | Not affected |
CVE-2020-26137
Medium priority. Some fixes available (6 of 8).
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
2 affected packages
python-pip, python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | Not affected | Not affected | Fixed | Fixed | Fixed |
python-urllib3 | Not affected | Not affected | Fixed | Fixed | Fixed |
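The CRLF issue above exists because the request line is assembled from the method string verbatim, so CR and LF inside the method end the line early and let the caller append headers of their own. The following added example (written for this page, not urllib3's code) uses a stand-in for that assembly beside a hardened version that only accepts a method made of RFC 7230 token characters; the crafted method, the `X-Injected` header and the paths are constructed for the demonstration.

```python
from __future__ import annotations

import re

# RFC 7230 "tchar": the only characters allowed in an HTTP method token.
# CR, LF, SP and the separators are deliberately absent, so any CRLF payload fails.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed attacker-controlled method: it closes the request line early and
# smuggles a header of its own before the real path is written.
CRAFTED_METHOD = "GET /admin HTTP/1.1\r\nX-Injected: 1\r\nGET"


def build_request_line_unsafe(method: str, path: str) -> str:
    """Stand-in for a putrequest() that trusts the method verbatim (the pre-1.25.9 behaviour)."""
    return f"{method} {path} HTTP/1.1\r\n"


def is_valid_method(method: str) -> bool:
    """True only if the whole string is a single RFC 7230 token (fullmatch, so a trailing newline also fails)."""
    return _TOKEN_RE.fullmatch(method) is not None


def build_request_line_safe(method: str, path: str) -> str:
    """Same assembly, but refuses anything that is not a bare HTTP token."""
    if not is_valid_method(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    return f"{method} {path} HTTP/1.1\r\n"


def request_lines(raw: str) -> list[str]:
    """Split a serialized request head into its CRLF-delimited lines."""
    return [line for line in raw.split("\r\n") if line]


if __name__ == "__main__":
    unsafe = build_request_line_unsafe(CRAFTED_METHOD, "/index")
    # One logical request line became three lines on the wire.
    for line in request_lines(unsafe):
        print(repr(line))
    print(is_valid_method("GET"), is_valid_method(CRAFTED_METHOD))
```

The same token check belongs on every attacker-influenced piece of the request head (header names and values have their own grammar), not only on the method; validating once at the point where bytes are serialized is what closes the class of bug rather than the one reported instance.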
CVE-2019-20916
Medium priority. Some fixes available (1 of 3).
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting...
1 affected package
python-pip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | Not affected | Not affected | Not affected | Fixed | Vulnerable |
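A server that controls `Content-Disposition` controls the filename, so joining that name to the download directory as-is lets `../` walk out of it. The following added example (written for this page, not pip's code) contrasts the naive join with a version that keeps only the last path component and then checks that the result is still inside the destination; the two header values and the directory are constructed, and paths are assumed to be POSIX.

```python
from __future__ import annotations

import os
import posixpath
import re

# Constructed response headers: one from a malicious server, one benign.
MALICIOUS_HEADER = 'attachment; filename="../.ssh/authorized_keys"'
BENIGN_HEADER = 'attachment; filename="example-1.0.tar.gz"'

_FILENAME_RE = re.compile(r'filename="?([^";]+)"?', re.IGNORECASE)


def filename_from_content_disposition(header: str) -> str | None:
    """Extract the filename parameter (quoted or bare); None if absent."""
    m = _FILENAME_RE.search(header)
    return m.group(1).strip() if m else None


def download_path_unsafe(dest_dir: str, header: str) -> str:
    """pip < 19.2 style: trust the server-supplied name and join it directly."""
    name = filename_from_content_disposition(header) or "download"
    return os.path.normpath(os.path.join(dest_dir, name))


def sanitize_filename(name: str) -> str | None:
    """Keep only the final path component; reject empty and dot-only names."""
    # Treat backslashes as separators too, so a name crafted for Windows does
    # not survive as a single odd filename on POSIX.
    base = posixpath.basename(name.replace("\\", "/"))
    if base in ("", ".", ".."):
        return None
    return base


def download_path_safe(dest_dir: str, header: str) -> str | None:
    """Hardened join: sanitized basename plus a containment check on the result."""
    name = filename_from_content_disposition(header)
    safe = sanitize_filename(name) if name else None
    if safe is None:
        return None
    dest = os.path.abspath(dest_dir)
    candidate = os.path.normpath(os.path.join(dest, safe))
    # Belt and braces: even after sanitizing, insist the final path is inside dest.
    if os.path.commonpath([dest, candidate]) != dest:
        return None
    return candidate


if __name__ == "__main__":
    print("unsafe:", download_path_unsafe("/home/user/Downloads", MALICIOUS_HEADER))
    print("safe:  ", download_path_safe("/home/user/Downloads", MALICIOUS_HEADER))
```

The containment check is deliberately redundant with the basename step: if the sanitizer is later loosened (for example to keep a subdirectory from an archive), the second check still refuses anything that resolves outside the download directory.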
CVE-2018-20225
Negligible priority. ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of...
1 affected package
python-pip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | — | — | Ignored | Ignored | Ignored |
CVE-2013-5123
Medium priority. The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allows attackers to perform man-in-the-middle attacks.
1 affected package
python-pip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pip | — | — | — | Not affected | Not affected |
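The release tables above are Ubuntu's view: a "Fixed" cell means the packaged version was patched, not that it moved to a newer upstream release, so the version number of an apt-installed package does not tell you whether a fix is present. The python-pip rows against urllib3 and requests CVEs exist because the pip package ships vendored copies of both libraries. For environments that install from PyPI rather than apt, upstream version ranges do apply, and the following added script (written for this page, not a tool from Ubuntu or PyPA) encodes the ranges stated in the entries above and checks them against what `importlib.metadata` reports. Assumptions: the fixed version for CVE-2023-32681 (requests 2.31.0) is upstream's fix release and is not stated on this page; the version parser is a simplification that ignores pre-release, post-release and local segments; CVE-2021-3572 and CVE-2018-20225 are omitted because the page gives no version range for either.

```python
from __future__ import annotations

import importlib.metadata
import re
from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Numeric release segment only (simplification: pre/post/local segments are ignored)."""
    parts: List[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def _v(text: str) -> Version:
    return parse_version(text)


# Upstream affected ranges as stated in the CVE texts on this page, keyed by PyPI name.
KNOWN_RANGES: Dict[str, List[Tuple[str, Callable[[Version], bool]]]] = {
    "requests": [
        # "Since Requests 2.3.0"; upstream fix release 2.31.0 is not stated on this page.
        ("CVE-2023-32681", lambda v: _v("2.3.0") <= v < _v("2.31.0")),
    ],
    "wheel": [
        ("CVE-2022-40898", lambda v: v <= _v("0.37.1")),  # "0.37.1 and earlier"
    ],
    "setuptools": [
        ("CVE-2022-40897", lambda v: v < _v("65.5.1")),  # "before 65.5.1"
    ],
    "urllib3": [
        ("CVE-2021-33503", lambda v: v < _v("1.26.5")),  # "before 1.26.5"
        ("CVE-2021-28363", lambda v: _v("1.26.0") <= v < _v("1.26.4")),  # "1.26.x before 1.26.4"
        ("CVE-2020-26137", lambda v: v < _v("1.25.9")),  # "before 1.25.9"
    ],
    "pip": [
        ("CVE-2019-20916", lambda v: v < _v("19.2")),  # "before 19.2"
        ("CVE-2013-5123", lambda v: v < _v("1.5")),  # "before 1.5"
    ],
}


def affected_cves(package: str, version: str) -> List[str]:
    """CVE IDs from this page whose stated upstream range covers the given version."""
    v = parse_version(version)
    if not v:
        raise ValueError(f"cannot parse version {version!r}")
    return [cve for cve, hit in KNOWN_RANGES.get(package, []) if hit(v)]


def audit_environment() -> Dict[str, Tuple[str, List[str]]]:
    """Map each installed package from KNOWN_RANGES to (installed version, matching CVEs)."""
    report: Dict[str, Tuple[str, List[str]]] = {}
    for pkg in KNOWN_RANGES:
        try:
            ver = importlib.metadata.version(pkg)
        except importlib.metadata.PackageNotFoundError:
            continue  # not installed as a distribution in this interpreter
        report[pkg] = (ver, affected_cves(pkg, ver))
    return report


if __name__ == "__main__":
    for pkg, (ver, cves) in audit_environment().items():
        status = ", ".join(cves) if cves else "no listed upstream range matches"
        print(f"{pkg} {ver}: {status}")
```

Two limits matter in practice. Copies vendored inside pip are not separate distributions, so `importlib.metadata` never sees them and this check cannot report them; that is exactly the case the python-pip rows in the tables cover. And for packages installed from the Ubuntu archive the tables, not this script, are authoritative, because a backported fix leaves the version inside the affected upstream range.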