Описание
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-pip | not-affected | package |
Примечания
https://github.com/pypa/pip/pull/780/files
Not-affected as vulnerable code only in 1.3, and 1.3.1-1 fixed the issue.
Связанные уязвимости
ubuntu
больше 12 лет назад
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
nvd
больше 12 лет назад
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
CVSS3: 6.2
github
больше 3 лет назад
Improper Link Resolution Before File Access in pip