Description
ELSA-2020-4432: python-pip security update (MODERATE)
[9.0.3-18]
- Patch for pip install allow directory traversal, leading to arbitrary file write Resolves: rhbz#1868016
[9.0.3-17]
- Remove unused CA bundle from the bundled requests library Resolves: rhbz#1775200
Updated packages
Oracle Linux 8
Oracle Linux aarch64
platform-python-pip    9.0.3-18.el8
python3-pip            9.0.3-18.el8
python3-pip-wheel      9.0.3-18.el8
Oracle Linux x86_64
platform-python-pip    9.0.3-18.el8
python3-pip            9.0.3-18.el8
python3-pip-wheel      9.0.3-18.el8
Related CVEs
Related vulnerabilities
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
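The flaw described above, shown next to a hardened form. This is an added example, not pip's code and not part of the advisory; the function names, the download directory and the header value are constructed for illustration.

```python
import os
from email.message import Message


def content_disposition_filename(header_value, default_name):
    """Return the filename parameter of a Content-Disposition value, else default_name."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    return msg.get_filename() or default_name


def vulnerable_download_path(download_dir, header_value, default_name):
    # Flawed pattern: the server-chosen name is joined to the directory as-is,
    # so "../" components walk out of download_dir.
    name = content_disposition_filename(header_value, default_name)
    return os.path.normpath(os.path.join(download_dir, name))


def sanitize_filename(name, default_name):
    # Keep only the last path component; treat "\" as a separator too.
    base = os.path.basename(name.replace("\\", "/"))
    return default_name if base in ("", ".", "..") else base


def safe_download_path(download_dir, header_value, default_name):
    name = sanitize_filename(
        content_disposition_filename(header_value, default_name), default_name)
    root = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(root, name))
    # Defence in depth: refuse anything that still resolves outside root
    # (for example a pre-existing symlink with that name).
    if os.path.commonpath([root, target]) != root:
        raise ValueError("download target escapes %r: %r" % (root, target))
    return target


if __name__ == "__main__":
    # Constructed header value and directory, matching the case in the CVE text.
    hdr = 'attachment; filename="../../../root/.ssh/authorized_keys"'
    print(vulnerable_download_path("/tmp/pip-build/unpack", hdr, "pkg.tar.gz"))
    print(safe_download_path("/tmp/pip-build/unpack", hdr, "pkg.tar.gz"))
```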