Search CVE reports
1 – 10 of 31 results
Some fixes available 3 of 16
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Fixed | Ignored | Ignored | Ignored |
| python-pip | Vulnerable | Ignored | Ignored | Ignored |
Some fixes available 5 of 10
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Fixed | Fixed | Fixed | Not affected |
| python-pip | Vulnerable | Vulnerable | Vulnerable | Not affected |
When extracting a tar archive, pip may not check that symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix...
1 affected package
python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected |
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default,...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Fixed | Fixed | Not affected | Not affected |
| python-urllib3 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 12 of 14
Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix....
2 affected packages
python-pip, requests
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Fixed | Fixed | Not affected | Not affected |
| requests | Fixed | Fixed | Fixed | Fixed |
Some fixes available 10 of 19
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be...
3 affected packages
python-setuptools, setuptools, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-setuptools | Not in release | Fixed | Fixed | Fixed |
| setuptools | Fixed | Fixed | Fixed | — |
| python-pip | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or...
3 affected packages
python-setuptools, python-pip, setuptools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-setuptools | Not in release | Fixed | Fixed | Fixed |
| python-pip | Not affected | Not affected | Fixed | Fixed |
| setuptools | Fixed | Fixed | Fixed | — |
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized...
2 affected packages
python-certifi, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-certifi | Not affected | Not affected | Not affected | Not affected |
| python-pip | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 16
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Fixed | Fixed | Fixed | Fixed |