[USN-6473-2] pip vulnerabilities
Several security issues were fixed in pip.
USN-6473-1 fixed vulnerabilities in urllib3. This update provides the
corresponding updates for the urllib3 module bundled into pip.
Original advisory details:

It was discovered that urllib3 didn't strip the HTTP Authorization header
on cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091)

It was discovered that urllib3 didn't strip the HTTP Cookie header on
cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2023-43804)

It was discovered that urllib3 didn't strip the HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue to obtain sensitive information. (CVE-2023-45803)
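The three CVEs above describe one client-side rule: credential-bearing headers must not follow a redirect to a different origin, and a 303 response turns the follow-up into a GET with no body. The block below is an added illustration of that rule, not urllib3's or pip's own code. It assumes a minimal origin definition (scheme, host, port with HTTP/HTTPS defaults), a header list limited to the cases the advisory names, and resolves relative Location values against the original URL so same-origin redirects keep their headers.

```python
"""
Model of the redirect handling the advisory calls for. Added example, not
urllib3 or pip code; the origin rule and header lists are assumptions.
"""
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials and must not follow a cross-origin redirect
# (assumption: limited to the Authorization and Cookie cases in the advisory).
CREDENTIAL_HEADERS = {"authorization", "cookie"}

# Headers that describe a request body and become stale once the body is dropped.
BODY_HEADERS = {"content-length", "content-type", "transfer-encoding"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def is_cross_origin(original_url, location):
    """A redirect is cross-origin when scheme, host or port differs."""
    return origin(original_url) != origin(location)


def prepare_redirect(original_url, location, status, method, headers, body):
    """Compute the follow-up request for a redirect response.

    Returns (next_url, next_method, next_headers, next_body). The original
    request is never mutated; the caller decides whether to send the result.
    """
    next_url = urljoin(original_url, location)
    next_headers = dict(headers)

    if is_cross_origin(original_url, next_url):
        # CVE-2018-25091 / CVE-2023-43804: Authorization and Cookie stay home.
        next_headers = {k: v for k, v in next_headers.items()
                        if k.lower() not in CREDENTIAL_HEADERS}

    next_method, next_body = method, body
    if status == 303 and method.upper() != "HEAD":
        # CVE-2023-45803: a 303 means "GET the new location"; the original
        # body, and the headers that describe it, must not be resent.
        next_method, next_body = "GET", None
        next_headers = {k: v for k, v in next_headers.items()
                        if k.lower() not in BODY_HEADERS}

    return next_url, next_method, next_headers, next_body


if __name__ == "__main__":
    # Constructed sample: an authenticated POST answered by a 303 to another host.
    result = prepare_redirect(
        "https://api.example.com/submit", "https://cdn.example.net/done", 303,
        "POST", {"Authorization": "Bearer t", "Content-Type": "text/plain"}, b"x",
    )
    print(result)
```

The function is deliberately pure so it can be unit-tested against captured redirect responses; wiring it into a real HTTP client is the client's job, and recent urllib3 releases already enforce equivalent rules internally.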
- ID: USN-6473-2
- Severity: high
- Severity from: CVE-2023-43804
- URL: https://ubuntu.com/security/notices/USN-6473-2
- Published: 2023-11-15T11:27:24
- Modified: 2023-11-15T11:27:24
- Other Advisories:
- ALAS2-2024-2387
- ALPINE:CVE-2023-43804
- ALPINE:CVE-2023-45803
- ALSA-2023:7753
- ALSA-2024:0116
- ALSA-2024:0133
- ALSA-2024:0464
- ALSA-2024:2132
- ALSA-2024:2159
- ALSA-2024:2968
- ALSA-2024:2985
- ALSA-2024:2986
- ALSA-2024:2987
- ELSA-2023-7753
- ELSA-2024-0116
- ELSA-2024-0133
- ELSA-2024-0464
- ELSA-2024-2132
- ELSA-2024-2159
- ELSA-2024-2968
- ELSA-2024-2985
- ELSA-2024-2986
- ELSA-2024-2987
- ELSA-2024-2988
- FEDORA-2023-0806784f24
- FEDORA-2023-18f03a150d
- FEDORA-2023-8f53bfe088
- FEDORA-2023-932b0c86f4
- FEDORA-2023-dede912109
- PYSEC-2023-192
- PYSEC-2023-207
- PYSEC-2023-212
- RHSA-2023:7753
- RHSA-2024:0116
- RHSA-2024:0133
- RHSA-2024:0464
- RHSA-2024:2132
- RHSA-2024:2159
- RHSA-2024:2952
- RHSA-2024:2968
- RHSA-2024:2985
- RHSA-2024:2986
- RHSA-2024:2987
- RHSA-2024:2988
- RLSA-2024:2968
- RLSA-2024:2986
- SUSE-SU-2023:4064-1
- SUSE-SU-2023:4108-1
- SUSE-SU-2023:4157-1
- SUSE-SU-2023:4352-1
- SUSE-SU-2023:4356-1
- SUSE-SU-2023:4467-1
- SUSE-SU-2023:4468-1
- SUSE-SU-2024:2462-1
- USN-6473-1
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform |
|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/python3-pip?distro=xenial | ubuntu | python3-pip | < 8.1.1-2ubuntu0.6+esm6 | xenial |
| Affected | pkg:deb/ubuntu/python3-pip?distro=mantic | ubuntu | python3-pip | < 23.2+dfsg-1ubuntu0.1 | mantic |
| Affected | pkg:deb/ubuntu/python3-pip?distro=lunar | ubuntu | python3-pip | < 23.0.1+dfsg-1ubuntu0.2 | lunar |
| Affected | pkg:deb/ubuntu/python3-pip?distro=jammy | ubuntu | python3-pip | < 22.0.2+dfsg-1ubuntu0.4 | jammy |
| Affected | pkg:deb/ubuntu/python3-pip?distro=focal | ubuntu | python3-pip | < 20.0.2-5ubuntu1.10 | focal |
| Affected | pkg:deb/ubuntu/python3-pip?distro=bionic | ubuntu | python3-pip | < 9.0.1-2.3~ubuntu1.18.04.8+esm2 | bionic |
| Affected | pkg:deb/ubuntu/python3-pip-whl?distro=mantic | ubuntu | python3-pip-whl | < 23.2+dfsg-1ubuntu0.1 | mantic |
| Affected | pkg:deb/ubuntu/python3-pip-whl?distro=lunar | ubuntu | python3-pip-whl | < 23.0.1+dfsg-1ubuntu0.2 | lunar |
| Affected | pkg:deb/ubuntu/python3-pip-whl?distro=jammy | ubuntu | python3-pip-whl | < 22.0.2+dfsg-1ubuntu0.4 | jammy |
| Affected | pkg:deb/ubuntu/python-pip?distro=xenial | ubuntu | python-pip | < 8.1.1-2ubuntu0.6+esm6 | xenial |
| Affected | pkg:deb/ubuntu/python-pip?distro=bionic | ubuntu | python-pip | < 9.0.1-2.3~ubuntu1.18.04.8+esm2 | bionic |
| Affected | pkg:deb/ubuntu/python-pip-whl?distro=xenial | ubuntu | python-pip-whl | < 8.1.1-2ubuntu0.6+esm6 | xenial |
| Affected | pkg:deb/ubuntu/python-pip-whl?distro=focal | ubuntu | python-pip-whl | < 20.0.2-5ubuntu1.10 | focal |
| Affected | pkg:deb/ubuntu/python-pip-whl?distro=bionic | ubuntu | python-pip-whl | < 9.0.1-2.3~ubuntu1.18.04.8+esm2 | bionic |