616 matches found
USN-4601-1: pip vulnerability
It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. CVE-2019-20916...
Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update
An update for python27-python, python27-python-pip, and python27-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detail...
openSUSE Security Update : python-pip (openSUSE-2020-1613)
This update for python-pip fixes the following issues : - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
openSUSE: Security Advisory for python-pip (openSUSE-SU-2020:1613-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for python-pip (openSUSE-SU-2020:1598-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : python-pip (openSUSE-2020-1598)
This update for python-pip fixes the following issues : - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
OPENSUSE-SU-2020:1613-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262 This update was imported from the SUSE:SLE-15:Update update project...
Security update for python-pip (moderate)
openSUSE Security Update: Security update for python-pip Announcement ID: openSUSE-SU-2020:1598-1 Rating: moderate References: 1176262 Cross-References: CVE-2019-20916 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
Security update for python-pip (moderate)
openSUSE Security Update: Security update for python-pip Announcement ID: openSUSE-SU-2020:1613-1 Rating: moderate References: 1176262 Cross-References: CVE-2019-20916 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
OPENSUSE-SU-2020:1598-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262 This update was imported from the SUSE:SLE-15:Update update project...
CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...
SUSE-SU-2020:2784-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262...
SUSE-SU-2020:2726-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262...
SUSE-SU-2020:2698-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in downloadhttpurl bsc1176262...
Debian DLA-2370-1 : python-pip security update
It was discovered that there was a directory traversal attack in pip, the Python package installer. When an URL was given in an install command, as a Content-Disposition header was permitted to have '../' components in their filename, arbitrary local files eg. /root/.ssh/authorizedkeys could be...
[SECURITY] [DLA 2370-1] python-pip security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2370-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2020 https://wiki.debian.org/LTS -...
DLA-2370-1 python-pip - security update
Bulletin has no description...
Python pip directory traversal vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A directory traversal vulnerability exists in Python pip versions prior to 19.2. The vulnerability stems...
PYSEC-2020-173
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...
PYSEC-2020-192
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...