Описание
ELSA-2022-5234: python-virtualenv security update (MODERATE)
[15.1.0-7]
- Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz#1868135
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
python-virtualenv
15.1.0-7.el7_9
Oracle Linux x86_64
python-virtualenv
15.1.0-7.el7_9
Связанные CVE
Связанные уязвимости
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
The pip package before 19.2 for Python allows Directory Traversal when ...