python2-pip-wheel (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package python2-pip-wheel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2022-48565 — CVSS 9.8 (critical): An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML…
CVE-2021-43818 — CVSS 8.2 (high): lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain…
CVE-2015-20107 — CVSS 7.6 (high): In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap…
CVE-2022-45061 — CVSS 7.5 (high): An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the…
CVE-2021-3737 — CVSS 7.5 (high): A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls…
CVE-2022-0391 — CVSS 7.5 (high): A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings…
CVE-2023-24329 — CVSS 7.5 (high): An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that…
CVE-2021-3733 — CVSS 6.5 (medium): There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as…
CVE-2023-32681 — CVSS 6.1 (medium): Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when…
CVE-2023-43804 — CVSS 5.9 (medium): urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers…
CVE-2022-40897 — CVSS 5.9 (medium): Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted…
CVE-2024-22195 — CVSS 5.4 (medium): Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible…
CVE-2023-40217 — CVSS 5.3 (medium): An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects…
CVE-2021-4189 — CVSS 5.3 (medium): A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the…