CVSSv3: 7.8

CVE-2018-20225

Published: 08/05/2020 Updated: 17/05/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in pip (all versions) because it installs the candidate with the highest version number, even when the user intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (so the attacker can register the name there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and that the user is responsible for using --extra-index-url securely.
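The following is an added illustration, not code from pip or from this advisory, of the resolution behaviour the summary describes. It models an index as a map of package names to version lists (all index contents, URLs and package names below are constructed for the example), shows why a private package loses to a same-named public candidate with a higher version when the private index is supplied via --extra-index-url, and includes an audit helper a defender can run against their own private index to spot names that are unclaimed or already shadowed on the public index:

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed index contents for the example; a real pip run would fetch these
# from each index's Simple API. Maps index URL -> package name -> versions.
PRIVATE_URL = "https://pypi.internal.example/simple"  # assumed private index
PUBLIC_URL = "https://pypi.org/simple"
INDEXES: Dict[str, Dict[str, List[str]]] = {
    PRIVATE_URL: {
        "acme-internal-utils": ["1.2.0", "1.3.0"],
        "acme-billing": ["0.9.1"],
    },
    PUBLIC_URL: {
        "requests": ["2.31.0", "2.32.3"],
        # Same name as the private package, much higher version (constructed).
        "acme-internal-utils": ["99.0.0"],
    },
}


def version_key(version: str) -> Tuple[int, ...]:
    """Simplified PEP 440 ordering: compares numeric release segments only."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class Resolution:
    name: str
    version: str
    source: str  # the index URL the winning candidate came from


def resolve(name: str, index_url: str, extra_index_urls: List[str],
            indexes: Dict[str, Dict[str, List[str]]]) -> Optional[Resolution]:
    """Model of pip's candidate selection: --index-url and every
    --extra-index-url form one pool, and the highest version wins no matter
    which index supplied it."""
    candidates = []
    for url in [index_url, *extra_index_urls]:
        for version in indexes.get(url, {}).get(name, []):
            candidates.append((version_key(version), version, url))
    if not candidates:
        return None
    _, version, url = max(candidates)
    return Resolution(name, version, url)


def confusion_risks(private_url: str, public_url: str,
                    indexes: Dict[str, Dict[str, List[str]]]) -> Dict[str, str]:
    """Defender's audit of a private index: for each private package, report
    how it fares if the public index is consulted alongside it."""
    report: Dict[str, str] = {}
    public = indexes.get(public_url, {})
    for name, private_versions in indexes.get(private_url, {}).items():
        public_versions = public.get(name, [])
        if not public_versions:
            # Name is free on the public index, so anyone could register it.
            report[name] = "unclaimed on public index"
            continue
        best_public = max(public_versions, key=version_key)
        best_private = max(private_versions, key=version_key)
        if version_key(best_public) > version_key(best_private):
            report[name] = f"shadowed by public {best_public}"
        else:
            report[name] = (f"public {best_public} exists but private "
                            f"{best_private} wins for now")
    return report


if __name__ == "__main__":
    # Risky invocation: public index plus the private one as --extra-index-url.
    print(resolve("acme-internal-utils", PUBLIC_URL, [PRIVATE_URL], INDEXES))
    # Safer invocation: --index-url names only the private index and there are
    # no extra indexes, so public candidates never enter the pool; the private
    # index must then mirror or proxy any public packages the project needs.
    print(resolve("acme-internal-utils", PRIVATE_URL, [], INDEXES))
    for name, finding in confusion_risks(PRIVATE_URL, PUBLIC_URL, INDEXES).items():
        print(f"{name}: {finding}")
```

The version ordering is deliberately simplified (release segments only; real pip uses full PEP 440 comparison via the packaging library), but the selection rule is the point: the pool is the union of all configured indexes. Beyond restricting --index-url to a single trusted index, pinning exact versions with hashes (pip's hash-checking mode, --require-hashes) makes a substituted artifact fail installation rather than run.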

Vulnerable Product

pypa pip
