Search CVE reports
1 – 10 of 28 results
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling...
2 affected packages
python-pip, python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Not affected | Not affected | Not affected | Not affected |
python-urllib3 | Not affected | Not affected | Not affected | Not affected |
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default,...
2 affected packages
python-pip, python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Fixed | Fixed | Not affected | Not affected |
python-urllib3 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 8 of 16
Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix....
2 affected packages
python-pip, requests
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
requests | Fixed | Fixed | Fixed | Fixed |
Some fixes available 10 of 18
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be...
3 affected packages
python-pip, python-setuptools, setuptools
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python-setuptools | Not in release | Fixed | Fixed | Fixed |
setuptools | Fixed | Fixed | Fixed | — |
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or...
3 affected packages
python-pip, python-setuptools, setuptools
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Not affected | Not affected | Fixed | Fixed |
python-setuptools | Not in release | Fixed | Fixed | Fixed |
setuptools | Fixed | Fixed | Fixed | — |
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized...
2 affected packages
python-certifi, python-pip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-certifi | Ignored | Ignored | Ignored | Ignored |
python-pip | Ignored | Ignored | Ignored | Ignored |
Some fixes available 12 of 16
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP...
2 affected packages
python-pip, python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Fixed | Fixed | Fixed | Fixed |
python-urllib3 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 18
Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue...
2 affected packages
python-pip, requests
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Vulnerable | Vulnerable | Ignored | Ignored |
requests | Ignored | Ignored | Ignored | Ignored |
Some fixes available 6 of 15
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic...
2 affected packages
python-idna, python-pip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-idna | Fixed | Fixed | Fixed | Fixed |
python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config")....
1 affected package
python-pip
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |