exploitDog

ELSA-2023-7176

Опубликовано: 17 нояб. 2023

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2023-7176: python-pip security update (MODERATE)

[9.0.3-23]

Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) Resolves: RHBZ#2218241

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

platform-python-pip

9.0.3-23.el8

python3-pip

9.0.3-23.el8

python3-pip-wheel

9.0.3-23.el8

Oracle Linux x86_64

platform-python-pip

9.0.3-23.el8

python3-pip

9.0.3-23.el8

python3-pip-wheel

9.0.3-23.el8

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2007-4559

CVSS3: 9.8

ubuntu

почти 18 лет назад

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

CVE-2007-4559

CVSS3: 5.5

redhat

почти 18 лет назад

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

CVE-2007-4559

CVSS3: 9.8

nvd

почти 18 лет назад

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

CVE-2007-4559

CVSS3: 9.8

msrc

9 месяцев назад

Описание отсутствует

CVE-2007-4559

CVSS3: 9.8

debian

почти 18 лет назад

Directory traversal vulnerability in the (1) extract and (2) extractal ...