Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-9204

Опубликовано: 10 мар. 2022
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2022-9204: python-pip security update (IMPORTANT)

[9.0.3-8.0.1]

  • CVE-2019-20916 [Orabug: 33861505]

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

python3-pip

9.0.3-8.0.1.el7

Oracle Linux x86_64

python3-pip

9.0.3-8.0.1.el7

Связанные CVE

Связанные уязвимости

CVSS3: 7.5
ubuntu
почти 5 лет назад

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

CVSS3: 8
redhat
больше 6 лет назад

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

CVSS3: 7.5
nvd
почти 5 лет назад

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

CVSS3: 7.5
msrc
больше 4 лет назад

Описание отсутствует

CVSS3: 7.5
debian
почти 5 лет назад

The pip package before 19.2 for Python allows Directory Traversal when ...