CVE-2021-33503

Note

the python-pip package bundles python-urllib3 binaries
when built. After updating python-urllib3, a no-change
rebuild of python-pip is required.
python-pip 20.3.4-4 build in impish is built against
python3-urllib3 1.26.5-1~exp1, and thus impish and newer is fixed.
introduced in urllib3 in
0aa3e24fcd75f1bb59ab159e9f8adb44055b2271 or newer

Package	Release	Status
python-pip Launchpad, Ubuntu, Debian	bionic	Not vulnerable (embedded urllib3 not affected)
	focal	Released (20.0.2-5ubuntu1.7)
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Not vulnerable (20.3.4-4)
	jammy	Not vulnerable (20.3.4-4)
	kinetic	Not vulnerable (20.3.4-4)
	trusty	Not vulnerable (embedded urllib3 not affected)
	upstream	Released (21.2)
	xenial	Not vulnerable (embedded urllib3 not affected)
	Patches: upstream: https://github.com/pypa/pip/commit/5394d340fb3a0b31a8e1909dd6872ecc36f75fbe (21.2)
python-urllib3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Released (1.25.8-2ubuntu0.2)
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Not vulnerable (1.26.5-1~exp1)
	jammy	Not vulnerable (1.26.5-1~exp1)
	kinetic	Not vulnerable (1.26.5-1~exp1)
	trusty	Not vulnerable
	upstream	Released (1.26.5)
	xenial	Not vulnerable

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Security

CVE-2021-33503

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading