CVE-2019-20916

Published: 2020-09-04 | Updated: 2024-02-08
CVSS v2 base score: 5.0 (impact 2.9, exploitability 10.0); vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS v3 base score: 7.5 (impact 3.6, exploitability 3.9)
VMScore: 446

The v2 vector encodes the shape of the bug: reachable over the network, low attack complexity, no authentication, and an impact on integrity only (an arbitrary file write), with no confidentiality or availability component.

Vulnerability Summary

The pip package prior to 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

In practice the attacker needs pip to fetch a file from a server they control or can tamper with in transit (a direct URL passed to pip install, or an index that points to one), and the file is written with the privileges of the user running pip, so a root-run install can have any file on the host overwritten. Upgrading to pip 19.2 or later removes the traversal.
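The pattern behind the bug, as an added example that is not pip's own code: the filename taken from an attacker-controlled Content-Disposition header is joined onto the download directory unchanged, so "../" components walk out of it. Beside it is a hardened version that keeps only the last path component of the filename, falls back to the default name when nothing usable is left, and refuses any result that still resolves outside the directory. The download directory, the default filename, the header values and all function names are constructed for the demonstration; pip before 19.2 parsed the header with cgi.parse_header, which no longer exists in Python 3.13, so the example uses email.message.Message for the same job. The hardened version is the obvious fix, not a copy of pip's 19.2 patch.

```python
# Added example, not pip's own code: the traversal pattern behind
# CVE-2019-20916 next to a hardened version. All names, paths and header
# values below are constructed for the demonstration.
import os
from email.message import Message


def content_disposition_filename(header):
    """Return the filename parameter of a Content-Disposition header, or None.

    pip before 19.2 used cgi.parse_header here; that module was removed in
    Python 3.13, so email.message.Message parses the parameters instead.
    """
    msg = Message()
    msg["content-disposition"] = header
    name = msg.get_param("filename", header="content-disposition")
    if isinstance(name, tuple):  # RFC 2231 form: (charset, language, value)
        name = name[2]
    return name or None


def vulnerable_target_path(download_dir, header, default_name):
    """Pre-19.2 behaviour: trust the header's filename and join it as-is.

    A filename beginning with "../" escapes download_dir.
    """
    filename = content_disposition_filename(header) or default_name
    return os.path.join(download_dir, filename)


def escapes_directory(download_dir, target):
    """True if target resolves to a location outside download_dir."""
    base = os.path.realpath(download_dir)
    return os.path.commonpath([base, os.path.realpath(target)]) != base


def hardened_target_path(download_dir, header, default_name):
    """Keep only the last path component of the header's filename, fall back
    to default_name when nothing usable remains, and refuse anything that
    still resolves outside download_dir."""
    filename = os.path.basename(content_disposition_filename(header) or "")
    if filename in ("", ".", ".."):
        filename = default_name
    target = os.path.join(download_dir, filename)
    if escapes_directory(download_dir, target):
        raise ValueError("refusing to write outside %s: %s" % (download_dir, target))
    return target


# Constructed inputs for the demonstration (not captured from a real server).
DOWNLOAD_DIR = "/tmp/pip-download"
DEFAULT_NAME = "package-1.0.tar.gz"
EVIL_HEADER = 'attachment; filename="../../root/.ssh/authorized_keys"'
BENIGN_HEADER = 'attachment; filename="package-1.0-py3-none-any.whl"'

if __name__ == "__main__":
    bad = vulnerable_target_path(DOWNLOAD_DIR, EVIL_HEADER, DEFAULT_NAME)
    print("vulnerable:", bad, "->", os.path.normpath(bad),
          "escapes:", escapes_directory(DOWNLOAD_DIR, bad))
    print("hardened:  ", hardened_target_path(DOWNLOAD_DIR, EVIL_HEADER, DEFAULT_NAME))
    print("benign:    ", hardened_target_path(DOWNLOAD_DIR, BENIGN_HEADER, DEFAULT_NAME))
```

The containment check in escapes_directory is deliberately kept even after basename: it costs nothing and catches any future change that reintroduces a separator (a symlinked download directory, a default name that is not a bare filename) without relying on the sanitiser alone.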

Vulnerable Products

pip (PyPA), versions before 19.2
openSUSE Leap 15.1
openSUSE Leap 15.2
Debian GNU/Linux 9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0

Vendor Advisories

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. (CVE-2019-20916) ...
Synopsis: Moderate: python-pip security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-pip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: python27:2.7 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: rh-python36 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this updat ...
Synopsis: Moderate: python27 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for python27-python, python27-python-pip, and python27-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having ...
Synopsis: Moderate: Release of OpenShift Serverless 1.11.0. Type/Severity: Security Advisory: Moderate. Topic: Release of OpenShift Serverless 1.11.0. Description: Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShif ...
Synopsis: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Synopsis: Moderate: Red Hat Quay v3.3.3 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Quay v3.3.3 is now available with bug fixes and security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ha ...

Github Repositories

Deep dive into Clair image vulnerability scanning

Deep Dive into Clair Image Vulnerability Scanning. Clair documentation: what is ClairCore; updaters and defaults; vulnerability databases: Alpine security database (secdb.alpinelinux.org/); Amazon Linux security database (repodata/updateinfo.xml.gz, cdn.amazonlinux.com/2/core/2.0/x86_64/3c5ff503186aefc295ca296adf15aa0884f998fff0c78d5fc6448735eb664d26/repodata/updateinf ...

A tool to analyse the list of detected CVEs in the containers (usually created by static security scanner) and compare them to the Red Hat Security Data.

cve-analyser: a tool to analyse the list of detected CVEs in the containers (usually created by a security scanner like JFrog, Aqua, Sysdig or similar) and compare them to the Red Hat Security Data. The cve-analyser can find fixes in the rpm packages bundled in the specified container, as well as fixes in the non-rpm content (like nodejs libraries). Usage: To use this tool just ...

Operating a Zammad Instance in the Google Cloud. Abstract: simple and straightforward setup and operation using this guide; updates via swapping the Docker image; lowest possible operating costs: Spot instance (Spot VMs may be terminated at any time), default network, standard storage; time-controlled operation possible; operating in Central America (Iowa); Zammad instance on a VM ...