Описание
ELSA-2022-9204: python-pip security update (IMPORTANT)
[9.0.3-8.0.1]
- CVE-2019-20916 [Orabug: 33861505]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
python3-pip
9.0.3-8.0.1.el7
Oracle Linux x86_64
python3-pip
9.0.3-8.0.1.el7
Связанные CVE
Связанные уязвимости
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
The pip package before 19.2 for Python allows Directory Traversal when ...