CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
31.0%
pip 1.3 through 1.5.6 allows local users to cause a denial of service
(prevention of package installation) by creating a /tmp/pip-build-* file
for another user.
Author | Note |
---|---|
msalvatore | The patch from upstream does not resolve the CVE. Backporting this the actual fix for trusty requires invasive changes that will change the command line interface. The issues is first fixed in version 7.0.0 and the changelog mentions it is backwards incompatible. |