CVE-2019-20916
Description
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.622
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-20916 are fixed in Python-pip 19.2 | Windows |
| Python package installer (USN-4601-1) python-pip_9.0.1-2.3~ubuntu1.18.04.4_all.deb | Linux |
| Python package installer (USN-4601-1) python3-pip_9.0.1-2.3~ubuntu1.18.04.4_all.deb | Linux |
| (RHSA-2020:4432) python-pip security update platform-python-pip-9.0.3-18.el8.noarch.rpm | Linux |
| (RHSA-2020:4432) python-pip security update python3-pip-9.0.3-18.el8.noarch.rpm | Linux |
| (RHSA-2020:4432) python-pip security update python3-pip-wheel-9.0.3-18.el8.noarch.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-32bit-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-debuginfo-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-debuginfo-32bit-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debuginfo-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debuginfo-32bit-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debugsource-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-curses-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-curses-debuginfo-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-debuginfo-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-debugsource-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-devel-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-devel-debuginfo-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-tk-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3596-1(SUSE Linux Enterprise Server 12-SP5 ) python3-tk-debuginfo-3.4.10-25.58.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-32bit-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-debuginfo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-debuginfo-32bit-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-32bit-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-32bit-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debuginfo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debuginfo-32bit-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debugsource-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-curses-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-curses-debuginfo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-debuginfo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-debuginfo-32bit-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-debugsource-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-demo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-devel-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-doc-2.7.17-28.59.1.noarch.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-doc-pdf-2.7.17-28.59.1.noarch.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-gdbm-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-gdbm-debuginfo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-idle-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-tk-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-tk-debuginfo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-xml-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3765-1(SUSE Linux Enterprise Server 12-SP5 ) python-xml-debuginfo-2.7.17-28.59.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-3.6.12-4.25.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-debuginfo-3.6.12-4.25.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-3.6.12-4.25.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-3.6.12-4.25.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-debuginfo-3.6.12-4.25.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debuginfo-3.6.12-4.25.1.x86_64.rpm | Linux |
| SUSE-SU-2020:3865-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debugsource-3.6.12-4.25.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-32bit-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-debuginfo-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-debuginfo-32bit-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-3.4.10-25.63.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debuginfo-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debuginfo-32bit-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debugsource-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-curses-3.4.10-25.63.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-curses-debuginfo-3.4.10-25.63.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-debuginfo-3.4.10-25.63.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-debugsource-3.4.10-25.63.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-devel-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-devel-debuginfo-3.4.10-25.63.2.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-tk-3.4.10-25.63.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0344-1(SUSE Linux Enterprise Server 12-SP5 ) python3-tk-debuginfo-3.4.10-25.63.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-32bit-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-debuginfo-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) libpython2_7-1_0-debuginfo-32bit-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-32bit-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-32bit-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debuginfo-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debuginfo-32bit-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-base-debugsource-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-curses-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-curses-debuginfo-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-debuginfo-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-debuginfo-32bit-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-debugsource-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-demo-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-devel-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-doc-2.7.17-28.64.3.noarch.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-doc-pdf-2.7.17-28.64.3.noarch.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-gdbm-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-gdbm-debuginfo-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-idle-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-tk-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-tk-debuginfo-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-xml-2.7.17-28.64.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0432-1(SUSE Linux Enterprise Server 12-SP5 ) python-xml-debuginfo-2.7.17-28.64.1.x86_64.rpm | Linux |
| Python3-pip update (ELSA-2022-9204) python3-pip-9.0.3-8.0.1.el7.noarch.rpm | Linux |
| (RHSA-2022:5234) python-virtualenv security update python-virtualenv-15.1.0-7.el7_9.noarch.rpm | Linux |
| Python-virtualenv update (ELSA-2022-5234) python-virtualenv-15.1.0-7.el7_9.noarch.rpm | Linux |
| SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-3.6.12-4.22.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-debuginfo-3.6.12-4.22.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-3.6.12-4.22.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-base-3.6.12-4.22.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-base-debuginfo-3.6.12-4.22.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-debuginfo-3.6.12-4.22.2.x86_64.rpm | Linux |
| SUSE-SU-2020:3563-1(SUSE Linux Enterprise Server 12-SP5) python36-debugsource-3.6.12-4.22.2.x86_64.rpm | Linux |
| Vulnerabilities CVE-2019-20916 are fixed in Python-pip for linux 19.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234