Lucene search
MitreCVELIST:CVE-2018-20225HistoryMay 08, 2020 - 5:29 p.m.
CVE-2018-20225
2020-05-0817:29:12
mitre
www.cve.org
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely
Related
nvd
nvd
CVE-2018-20225
2020-05-08 18:15:10
nessus
nessus
EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-1728)
2021-04-15 00:00:00
RHEL 8 : python-pip (Unpatched Vulnerability)
2024-05-11 00:00:00
EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2021-1745)
2021-04-15 00:00:00
redhatcve
redhatcve
CVE-2018-20225
2020-05-14 12:40:05
openvas
openvas
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-1745)
2021-04-13 00:00:00
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-1728)
2021-04-13 00:00:00
ubuntucve
ubuntucve
CVE-2018-20225
2020-05-08 00:00:00
ibm
ibm
cve
cve
CVE-2018-20225
2020-05-08 18:15:10
cbl_mariner
cbl_mariner
CVE-2018-20225 affecting package python-pip 19.2-2
2024-06-19 15:17:25
debiancve
debiancve
CVE-2018-20225
2020-05-08 18:15:10
prion
prion
Denial of service
2020-05-08 18:15:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00