rpm package
opensuse/python3-base&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/python3-base&distro=openSUSE%20Leap%2015.2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-20916 | — | < 3.6.12-lp152.4.9.1 | 3.6.12-lp152.4.9.1 | Sep 4, 2020 | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _ | ||
| CVE-2019-20907 | — | < 3.6.10-lp152.4.6.2 | 3.6.10-lp152.4.6.2 | Jul 13, 2020 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | ||
| CVE-2020-14422 | — | < 3.6.10-lp152.4.3.1 | 3.6.10-lp152.4.3.1 | Jun 18, 2020 | Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I |
- CVE-2019-20916Sep 4, 2020affected < 3.6.12-lp152.4.9.1fixed 3.6.12-lp152.4.9.1
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _
- CVE-2019-20907Jul 13, 2020affected < 3.6.10-lp152.4.6.2fixed 3.6.10-lp152.4.6.2
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
- CVE-2020-14422Jun 18, 2020affected < 3.6.10-lp152.4.3.1fixed 3.6.10-lp152.4.3.1
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I