rpm package
suse/python-pip&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/python-pip&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3572 | — | | | < 9.0.1-3.6.1 | 9.0.1-3.6.1 | Nov 10, 2021 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip |
| CVE-2019-20916 | — | | | < 9.0.1-3.3.1 | 9.0.1-3.3.1 | Sep 4, 2020 | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _ |