CVE-2018-20225

Published: 08/05/2020 Updated: 11/04/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in pip (all versions): when the --extra-index-url option is used, pip installs whichever candidate carries the highest version number across all configured indexes, even if the user intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package name does not already exist in the public index (so that an attacker can publish a package under that name with an arbitrary version number). NOTE: it has been reported that this is intended functionality and that the user is responsible for using --extra-index-url securely.
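As an added illustration (not part of the Vulmon record and not pip's own code), the model below replays the selection behaviour the summary describes: a simulated pip that pools candidates from --index-url and every --extra-index-url and takes the highest version, run against constructed index contents, plus a pre-flight check a defender can run over the names a private index serves. It also flags names that are already present on the public index with a higher version, which is the state after such a name has been claimed. `pip_pick`, `confusion_risks` and the sample index dicts are assumptions for this example, not pip APIs.

```python
"""Model of pip candidate selection with --extra-index-url (CVE-2018-20225)
and a defender-side pre-flight check. Index contents are constructed sample
data, not real PyPI or private-index responses."""
from __future__ import annotations

# Constructed sample data: package name -> versions available on each index.
PUBLIC_INDEX = {
    "requests": ["2.31.0", "2.32.3"],
    "acme-billing": ["99.0.0"],   # constructed: a private name already claimed publicly
}
PRIVATE_INDEX = {
    "acme-billing": ["1.4.2", "1.5.0"],
    "acme-auth": ["0.9.1"],       # constructed: a private name absent from the public index
}

def parse_version(v: str) -> tuple[int, ...]:
    """Minimal numeric version key (release segment only; not full PEP 440)."""
    return tuple(int(p) for p in v.split("."))

def pip_pick(name: str, index_url: dict, extra_index_urls: list[dict],
             pinned: str | None = None) -> tuple[str, str] | None:
    """Model of pip's behaviour: candidates from --index-url and every
    --extra-index-url are pooled and the highest version wins, whichever
    index it came from. `pinned` models an exact `name==version` requirement,
    which only helps if nobody has published that exact version publicly."""
    sources = [("index", index_url)] + [("extra", e) for e in extra_index_urls]
    candidates = [(parse_version(v), v, label)
                  for label, index in sources
                  for v in index.get(name, [])
                  if pinned is None or v == pinned]
    if not candidates:
        return None
    _, version, source = max(candidates, key=lambda c: c[0])
    return version, source

def confusion_risks(private_index: dict, public_index: dict) -> dict[str, str]:
    """Pre-flight check over the names a private index serves.
    'unclaimed': the name is absent from the public index, so anyone could
                 register it there with an arbitrarily high version.
    'shadowed':  the public index already carries a higher version, so a
                 resolve that includes both indexes picks the public copy."""
    risks = {}
    for name, versions in private_index.items():
        public = public_index.get(name)
        if public is None:
            risks[name] = "unclaimed"
        elif max(map(parse_version, public)) > max(map(parse_version, versions)):
            risks[name] = "shadowed"
    return risks
```

Restricting the resolve to the private index alone (`pip_pick(name, PRIVATE_INDEX, [])`) is the robust mitigation the NOTE alludes to; a version pin narrows the window but does not close it.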

Vulnerable Products

pypa pip


Github Repositories

Wrap Anchore Grype Inside Docker

docker-grype: Wrap Anchore Grype Inside Docker and Provide Allowed List Functionality. Environment Variables: ADD_CPES_IF_NONE (optional): If set to 1, set the --add-cpes-if-none flag when running the Grype command. By default, this flag will not be set. BY_CVE (optional): If set to 1, set the --by-cve flag when running the Grype command. This will orient results by CVE instead of

SDL Lab1. Project contents: dump/backup.sql (backup copy of the data store used in the project); nginx/nginx.conf (main nginx configuration file); templates/index.html (website layout file); docker-compose.yml (configurat

Python library for querying OSS Index

Python Library for querying OSS Index. This OSSIndex module for Python provides a common interface for querying the OSS Index. This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies and assess them for vulnerabilities against the OSS Index, perhaps you should check out Jake. You can of course