Msrc Azl3 Python-Pip 24.2-2 On Azure Linux 3.0 vulnerabilities

CVE-2024-37891 [MEDIUM] CWE-669 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most r

CVE-2022-40897 [MEDIUM] CWE-1333 Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. FAQ: Is Azure Lin

CVE-2021-41500 [HIGH] CWE-697 Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attack Incomplete string comparison vulnerability exits in cvxopt.org cvxop Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to us