rpm package
suse/python3-base&distro=SUSE Linux Enterprise Server 15-LTSS
pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-20916 | — | < 3.6.12-3.64.2 | 3.6.12-3.64.2 | Sep 4, 2020 | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _ | ||
| CVE-2020-14422 | — | < 3.6.10-3.56.1 | 3.6.10-3.56.1 | Jun 18, 2020 | Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I |
- CVE-2019-20916Sep 4, 2020affected < 3.6.12-3.64.2fixed 3.6.12-3.64.2
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _
- CVE-2020-14422Jun 18, 2020affected < 3.6.10-3.56.1fixed 3.6.10-3.56.1
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I