rpm package
suse/python3-base&distro=SUSE Linux Enterprise Module for Basesystem 15 SP2
pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-20916 | — | < 3.6.12-3.64.2 | 3.6.12-3.64.2 | Sep 4, 2020 | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _ | ||
| CVE-2019-20907 | — | < 3.6.10-3.59.1 | 3.6.10-3.59.1 | Jul 13, 2020 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | ||
| CVE-2020-14422 | — | < 3.6.10-3.56.1 | 3.6.10-3.56.1 | Jun 18, 2020 | Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I |
- CVE-2019-20916Sep 4, 2020affected < 3.6.12-3.64.2fixed 3.6.12-3.64.2
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _
- CVE-2019-20907Jul 13, 2020affected < 3.6.10-3.59.1fixed 3.6.10-3.59.1
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
- CVE-2020-14422Jun 18, 2020affected < 3.6.10-3.56.1fixed 3.6.10-3.56.1
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I