Lucene search
GoogleOSV:CVE-2019-20916HistorySep 04, 2020 - 8:15 p.m.
CVE-2019-20916
2020-09-0420:15:11
Google
osv.dev
14
EPSS
0.004
Percentile
73.8%
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have …/ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
References
lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html
lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html
github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace
github.com/pypa/pip/compare/19.1.1...19.2
github.com/pypa/pip/issues/6413
lists.debian.org/debian-lts-announce/2020/09/msg00010.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
Related
amazon
amazon
Medium: python-pip
2021-05-20 16:07:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:3597-1)
2020-12-09 00:00:00
SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3593-1)
2020-12-09 00:00:00
veracode
veracode
Directory Traversal
2019-06-13 01:55:10
ubuntu
ubuntu
pip vulnerability
2020-10-22 00:00:00
suse
suse
Security update for python-pip (moderate)
2020-10-04 00:00:00
Security update for python-setuptools (important)
2020-12-01 00:00:00
Security update for python-pip (moderate)
2022-04-28 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1454-1)
2022-04-28 00:00:00
Ubuntu: Security Advisory (USN-4601-1)
2020-10-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3593-1)
2021-04-19 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)
2023-01-12 21:59:00
debiancve
debiancve
CVE-2019-20916
2020-09-04 20:15:11
osv
osv
PYSEC-2020-173
2020-09-04 20:15:00
python-pip - security update
2020-09-11 00:00:00
python-pip vulnerability
2020-10-22 22:18:11
cvelist
cvelist
CVE-2019-20916
2020-09-04 19:20:55
redhatcve
redhatcve
CVE-2019-20916
2020-09-07 14:21:56
oraclelinux
oraclelinux
python-pip security update
2020-11-10 00:00:00
python-virtualenv security update
2022-06-29 00:00:00
python-pip security update
2022-03-10 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-20916 affecting package python-pip 18.0-5
2021-01-11 21:49:40
almalinux
almalinux
Moderate: python-pip security update
2020-11-03 12:04:06
Moderate: python27:2.7 security update
2020-11-03 12:24:08
redhat
redhat
(RHSA-2020:4432) Moderate: python-pip security update
2020-11-03 12:04:06
(RHSA-2022:5234) Moderate: python-virtualenv security update
2022-06-28 07:52:36
(RHSA-2020:4654) Moderate: python27:2.7 security update
2020-11-03 12:24:08
prion
prion
Directory traversal
2020-09-04 20:15:00
ubuntucve
ubuntucve
CVE-2019-20916
2020-09-04 00:00:00
cve
cve
CVE-2019-20916
2020-09-04 20:15:11
github
github
Path Traversal in pip
2021-06-09 17:35:04
nvd
nvd
CVE-2019-20916
2020-09-04 20:15:11
centos
centos
python security update
2022-08-02 19:21:51
debian
debian
[SECURITY] [DLA 2370-1] python-pip security update
2020-09-11 10:16:16
rocky
rocky
python27:2.7 security update
2020-11-03 12:24:08
redos
redos
ROS-20230619-05
2023-06-19 00:00:00
mageia
mageia
Updated python-pip packages fix security vulnerabilities
2021-01-25 18:25:52
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00