{"id":"USN-7762-1","summary":"python-pip vulnerabilities","details":"Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly\nleaked Proxy-Authorization headers. A remote attacker could possibly use\nthis issue to obtain sensitive information. This update addresses the issue\nin the Requests module bundled into pip in Ubuntu 22.04 LTS.\n(CVE-2023-32681)\n\nIt was discovered that urllib3 didn't strip HTTP body on status code\n303 redirects under certain circumstances. A remote attacker could\npossibly use this issue to obtain sensitive information. This update\naddresses the issue in the urllib3 module bundled into pip in Ubuntu\n24.04 LTS. (CVE-2023-45803)\n\nGuido Vranken discovered that idna did not properly manage certain inputs,\nwhich could lead to significant resource consumption. An attacker could\npossibly use this issue to cause a denial of service. This update addresses\nthe issue in the idna module bundled into pip in Ubuntu 22.04 LTS and\nUbuntu 24.04 LTS. (CVE-2024-3651)\n\nJuho Forsén discovered that Requests did not correctly parse URLs. A\nremote attacker could possibly use this issue to leak sensitive\ninformation. This update addresses the issue in the Requests module bundled\ninto pip in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04.\n(CVE-2024-47081)","modified":"2026-04-24T10:17:27.676906258Z","published":"2025-09-23T12:23:43Z","related":["UBUNTU-CVE-2023-32681","UBUNTU-CVE-2023-45803","UBUNTU-CVE-2024-3651","UBUNTU-CVE-2024-47081"],"upstream":["CVE-2023-32681","CVE-2024-3651","CVE-2024-47081","UBUNTU-CVE-2023-32681","UBUNTU-CVE-2024-3651","UBUNTU-CVE-2024-47081"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7762-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-32681"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-3651"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-47081"},{"type":"REPORT","url":"https://launchpad.net/bugs/2031880"}],"affected":[{"package":{"name":"python-pip","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/python-pip@22.0.2+dfsg-1ubuntu0.7?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"22.0.2+dfsg-1ubuntu0.7"}]}],"versions":["20.3.4-4","21.3.1+dfsg-3","22.0.2+dfsg-1","22.0.2+dfsg-1ubuntu0.1","22.0.2+dfsg-1ubuntu0.2","22.0.2+dfsg-1ubuntu0.3","22.0.2+dfsg-1ubuntu0.4","22.0.2+dfsg-1ubuntu0.5","22.0.2+dfsg-1ubuntu0.6"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"python3-pip","binary_version":"22.0.2+dfsg-1ubuntu0.7"},{"binary_name":"python3-pip-whl","binary_version":"22.0.2+dfsg-1ubuntu0.7"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2023-32681","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-3651","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-47081","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7762-1.json"}},{"package":{"name":"python-pip","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/python-pip@24.0+dfsg-1ubuntu1.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.0+dfsg-1ubuntu1.3"}]}],"versions":["23.2+dfsg-1","23.3+dfsg-1","24.0+dfsg-1","24.0+dfsg-1ubuntu1","24.0+dfsg-1ubuntu1.1","24.0+dfsg-1ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"python3-pip","binary_version":"24.0+dfsg-1ubuntu1.3"},{"binary_name":"python3-pip-whl","binary_version":"24.0+dfsg-1ubuntu1.3"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2024-3651","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-47081","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7762-1.json"}}],"schema_version":"1.7.5"}