Lucene search
OracleLinuxELSA-2020-4432HistoryNov 10, 2020 - 12:00 a.m.
python-pip security update
2020-11-1000:00:00
linux.oracle.com
24
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
[9.0.3-18]
- Patch for pip install
allow directory traversal, leading to arbitrary file write
Resolves: rhbz#1868016
[9.0.3-17] - Remove unused CA bundle from the bundled requests library
Resolves: rhbz#1775200
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | python-pip | < 9.0.3-18.el8 | python-pip-9.0.3-18.el8.src.rpm |
| oracle linux | 8 | noarch | platform-python-pip | < 9.0.3-18.el8 | platform-python-pip-9.0.3-18.el8.noarch.rpm |
| oracle linux | 8 | noarch | python3-pip | < 9.0.3-18.el8 | python3-pip-9.0.3-18.el8.noarch.rpm |
| oracle linux | 8 | noarch | python3-pip-wheel | < 9.0.3-18.el8 | python3-pip-wheel-9.0.3-18.el8.noarch.rpm |
| oracle linux | 8 | src | python-pip | < 9.0.3-18.el8 | python-pip-9.0.3-18.el8.src.rpm |
| oracle linux | 8 | noarch | platform-python-pip | < 9.0.3-18.el8 | platform-python-pip-9.0.3-18.el8.noarch.rpm |
| oracle linux | 8 | noarch | python3-pip | < 9.0.3-18.el8 | python3-pip-9.0.3-18.el8.noarch.rpm |
| oracle linux | 8 | noarch | python3-pip-wheel | < 9.0.3-18.el8 | python3-pip-wheel-9.0.3-18.el8.noarch.rpm |
Related
nessus
nessus
openSUSE Security Update : python (openSUSE-2020-2211)
2020-12-10 00:00:00
openSUSE Security Update : python-pip (openSUSE-2020-2169)
2020-12-07 00:00:00
SUSE SLES12 Security Update : python3 (SUSE-SU-2021:0344-1)
2021-02-09 00:00:00
osv
osv
PYSEC-2020-173
2020-09-04 20:15:00
python-pip - security update
2020-09-11 00:00:00
python-pip vulnerability
2020-10-22 22:18:11
openvas
openvas
Debian: Security Advisory (DLA-2370-1)
2020-09-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3596-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2020-2503)
2020-12-01 00:00:00
debiancve
debiancve
CVE-2019-20916
2020-09-04 20:15:00
suse
suse
Security update for python-pip (moderate)
2022-04-28 00:00:00
Security update for python (important)
2020-12-09 00:00:00
Security update for python-pip (important)
2020-12-05 00:00:00
almalinux
almalinux
Moderate: python-pip security update
2020-11-03 12:04:06
Moderate: python27:2.7 security update
2020-11-03 12:24:08
redhat
redhat
(RHSA-2020:4432) Moderate: python-pip security update
2020-11-03 12:04:06
(RHSA-2022:5234) Moderate: python-virtualenv security update
2022-06-28 07:52:36
(RHSA-2020:4654) Moderate: python27:2.7 security update
2020-11-03 12:24:08
redhatcve
redhatcve
CVE-2019-20916
2020-09-07 14:21:56
cbl_mariner
cbl_mariner
CVE-2019-20916 affecting package python-pip 18.0-5
2021-01-11 21:49:40
veracode
veracode
Directory Traversal
2019-06-13 01:55:10
ibm
ibm
Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)
2023-01-12 21:59:00
ubuntu
ubuntu
pip vulnerability
2020-10-22 00:00:00
amazon
amazon
Medium: python-pip
2021-05-20 16:07:00
prion
prion
Directory traversal
2020-09-04 20:15:00
ubuntucve
ubuntucve
CVE-2019-20916
2020-09-04 00:00:00
github
github
Path Traversal in pip
2021-06-09 17:35:04
cve
cve
CVE-2019-20916
2020-09-04 20:15:00
centos
centos
python security update
2022-08-02 19:21:51
oraclelinux
oraclelinux
python-virtualenv security update
2022-06-29 00:00:00
python-pip security update
2022-03-10 00:00:00
python27:2.7 security update
2020-11-10 00:00:00
debian
debian
[SECURITY] [DLA 2370-1] python-pip security update
2020-09-11 10:16:16
rocky
rocky
python27:2.7 security update
2020-11-03 12:24:08
redos
redos
ROS-20230619-05
2023-06-19 00:00:00
mageia
mageia
Updated python-pip packages fix security vulnerabilities
2021-01-25 18:25:52
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related for ELSA-2020-4432