CVE-2019-20916 — Path Traversal in PIP
Severity: 7.5 HIGH (NVD)
EPSS: 0.6% (top 29.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 4
Latest update: Apr 15
Description
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
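As a defender's illustration of this bug class (an added example, not pip's own code or its fix), the following parses the Content-Disposition filename with the standard library, flags any path component in it, reduces the name to a single component, and confirms the final write path stays inside the download directory. The sample headers and the download directory are constructed for the example.

```python
import os
import posixpath
from email.message import Message

# Constructed sample headers, not taken from any real index response.
GOOD_HEADER = 'attachment; filename="requests-2.22.0.tar.gz"'
EVIL_HEADER = 'attachment; filename="../../root/.ssh/authorized_keys"'


def filename_from_header(header):
    """Parse the filename parameter of a Content-Disposition header with the
    stdlib email parser (which also unfolds an RFC 2231 filename*= form)."""
    msg = Message()
    msg["Content-Disposition"] = header
    return msg.get_filename()


def traversal_in_header(header):
    """Detection check: a package index only ever sends a bare file name, so a
    path separator or dot-directory in the advertised name is a traversal
    attempt that should be logged and refused."""
    name = (filename_from_header(header) or "").replace("\\", "/")
    return "/" in name or name in (".", "..")


def safe_download_filename(header, fallback):
    """Reduce the advertised name to one path component; fall back to the
    name derived from the URL when nothing usable remains."""
    name = (filename_from_header(header) or "").replace("\\", "/")
    base = posixpath.basename(name)
    return fallback if base in ("", ".", "..") else base


def resolve_destination(download_dir, header, fallback):
    """Return the path to write, refusing anything that does not resolve to
    a direct child of download_dir even after basename reduction."""
    root = os.path.realpath(download_dir)
    base = safe_download_filename(header, fallback)
    dest = os.path.realpath(os.path.join(root, base))
    if os.path.dirname(dest) != root:
        raise ValueError("refusing to write outside %s: %s" % (root, dest))
    return dest


if __name__ == "__main__":
    print(traversal_in_header(EVIL_HEADER))  # True
    print(resolve_destination("/tmp/pip-downloads", EVIL_HEADER, "pkg.tar.gz"))
```

Run the detection check before the sanitiser: a header that trips it is a sign the index or the path to it is hostile, which is worth an alert rather than a silent rename.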
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 5 packages
Also affects: Debian Linux 9.0
Patches
Vulnerability Details: 5
Vendor Advisories: 6
Oracle (2022-07-15): Oracle Communications Risk Matrix: CNE (Package Installer for Python) — CVE-2019-20916
Microsoft (2020-09-08): The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command because a Content-Disposition header can have ../ in a filename as demonstrated by overwriti
Red Hat (2019-04-16): python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
Community: 4
Bugzilla (2020-08-11): CVE-2019-20916 python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
Bugzilla (2020-08-11): CVE-2019-20916 python-virtualenv: python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py [epel-6]
Bugzilla (2020-08-11): CVE-2019-20916 python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py [epel-6]
Bugzilla (2020-08-11): CVE-2019-20916 python-pip-epel: python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py [epel-7]