What is the severity of USN-7488-1?

The severity of USN-7488-1 is classified as high due to the potential for remote attackers to carry out Server-Side Request Forgery (SSRF) attacks.

How do I fix USN-7488-1?

To fix USN-7488-1, upgrade to the affected packages listed in the advisory to versions that include the security fixes.

Which versions of Python are affected by USN-7488-1?

The affected versions of Python include 2.7 and 3.4 on Ubuntu 14.04 LTS, 2.7 on Ubuntu 16.04 LTS, and 3.13 on newer versions prior to the updates.

What platforms are impacted by USN-7488-1?

USN-7488-1 primarily affects Ubuntu operating systems, specifically versions 14.04 LTS, 16.04 LTS, and newer releases like 20.04 and 22.04.

What type of attack can exploit the vulnerability in USN-7488-1?

The vulnerability in USN-7488-1 can be exploited to perform Server-Side Request Forgery (SSRF) attacks, which may lead to unauthorized access to internal resources.

Vulnerability/
USN-7488-1

CWE

918

6/5/2025

10/5/2025

USN-7488-1: Python vulnerabilities

First published: Tue May 06 2025(Updated: )

It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7, python3.6, python3.7, and python3.8 on Ubuntu 18.04 LTS; python2.7 and python3.9 on Ubuntu 20.04 LTS; and python2.7 and python3.11 on Ubuntu 22.04 LTS. (CVE-2024-11168) It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume excessive resources, leading to a denial of service. This issue only affected python3.4 on Ubuntu 14.04 LTS; python3.6, python3.7, and python3.8 on Ubuntu 18.04 LTS; python3.9 on Ubuntu 20.04 LTS; and python3.11 on Ubuntu 22.04 LTS. (CVE-2024-6232) It was discovered that Python incorrectly handled quoted path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. This issue only affected python3.4 on Ubuntu 14.04 LTS; python3.6, python3.7, and python3.8 on Ubuntu 18.04 LTS; python3.9 on Ubuntu 20.04 LTS; python3.11 on Ubuntu 22.04 LTS; and python3.13 on Ubuntu 24.10. (CVE-2024-9287)

Affected Software	Affected Version	How to fix

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-7488-1?
The severity of USN-7488-1 is classified as high due to the potential for remote attackers to carry out Server-Side Request Forgery (SSRF) attacks.
How do I fix USN-7488-1?
To fix USN-7488-1, upgrade to the affected packages listed in the advisory to versions that include the security fixes.
Which versions of Python are affected by USN-7488-1?
The affected versions of Python include 2.7 and 3.4 on Ubuntu 14.04 LTS, 2.7 on Ubuntu 16.04 LTS, and 3.13 on newer versions prior to the updates.
What platforms are impacted by USN-7488-1?
USN-7488-1 primarily affects Ubuntu operating systems, specifically versions 14.04 LTS, 16.04 LTS, and newer releases like 20.04 and 22.04.
What type of attack can exploit the vulnerability in USN-7488-1?
The vulnerability in USN-7488-1 can be exploited to perform Server-Side Request Forgery (SSRF) attacks, which may lead to unauthorized access to internal resources.

agent/last-modified-date
agent/references
agent/title
agent/description
agent/weakness
agent/source
agent/softwarecombine
agent/type
agent/first-publish-date
agent/event
agent/tags
collector/usn
source/Ubuntu