CVE-2019-20916

Aliases:GHSA-gpvv-69j7-gwj8PYSEC-2020-173

Advisory lineage Upstream: 0 Downstream: 50

Downstream

DEBIAN-CVE-2019-20916 DLA-2370-1 MGASA-2021-0054 OPENSUSE-SU-2020:1598-1 OPENSUSE-SU-2020:1613-1 OPENSUSE-SU-2020:2143-1

Modified

Published: 04 Sept 2020, 19:20

Last modified:05 Aug 2024, 03:00

Vulnerability Summary

Overall Risk (default)

medium

40/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.62% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

04 Sept 2020, 19:20

Published

Vulnerability first disclosed

05 Aug 2024, 03:00

Last Modified

Vulnerability information updated

Description

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

CVSS Metrics

v4.0•HIGH•Score: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.62%• Percentile: 70%

Techniques & Countermeasures

CWE-22•Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Affected Systems

debian•debian_linux
9.0
opensuse•leap
15.1 | 15.2
oracle•communications_cloud_native_core_network_function_cloud_native_environment
1.10.0 | 22.1.0
oracle•communications_cloud_native_core_policy
1.15.0
pypa•pip
< 19.2
PyPI•pip
< a4c735b14a62f9cb864533808ac63936704f2ace | < 19.2