Lucene search

K
osvGoogleOSV:USN-4601-1
HistoryOct 22, 2020 - 10:18 p.m.

python-pip vulnerability

2020-10-2222:18:11
Google
osv.dev
17
python
pip
vulnerability
remote attacker
filesystem
directory traversal
cve-2019-20916

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

73.8%

It was discovered that pip did not properly sanitize the filename during
pip install. A remote attacker could possible use this issue to read and
write arbitrary files on the host filesystem as root, resulting in a
directory traversal attack. (CVE-2019-20916)