GHSA-53mr-44pp-crf4

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS4: 5.5

CVSS3: 6.2

Описание

pip lack of randomness in build directory

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

Ссылки

Пакеты

Наименование

pip

Затронутые версииВерсия исправления

>= 1.3, < 6.0

6.0

EPSS

Процентиль: 22%

0.00072

Низкий

5.5 Medium

CVSS4

6.2 Medium

CVSS3

CVE ID

CVE-2014-8991

Связанные уязвимости

CVE-2014-8991

ubuntu

около 11 лет назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

CVE-2014-8991

redhat

около 12 лет назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

CVE-2014-8991

nvd

около 11 лет назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

CVE-2014-8991

msrc

4 месяца назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

CVE-2014-8991

debian

около 11 лет назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service ...

EPSS

Процентиль: 22%

0.00072

Низкий

5.5 Medium

CVSS4

6.2 Medium

CVSS3

CVE ID

CVE-2014-8991