VYPR

rpm package

suse/python-pip&distro=HPE Helion OpenStack 8

pkg:rpm/suse/python-pip&distro=HPE%20Helion%20OpenStack%208

Vulnerabilities (2)

  • CVE-2021-3572MedNov 10, 2021
    affected < 9.0.1-3.6.1fixed 9.0.1-3.6.1

    A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip

  • CVE-2019-20916HigSep 4, 2020
    affected < 9.0.1-3.3.1fixed 9.0.1-3.3.1

    The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _