[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2021-0054":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":18,"duplicates":19,"related":20,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":51,"epss":9,"epss_history":52,"metrics":53,"affected":54},"MGASA-2021-0054","Updated python-pip packages fix security vulnerabilities\n\nIt was discovered that pip did not properly sanitize the filename during pip\ninstall. A remote attacker could possible use this issue to read and write\narbitrary files on the host filesystem as root, resulting in a directory\ntraversal attack (CVE-2019-20916).\n\nurllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP\nrequest method, as demonstrated by inserting CR and LF control characters in\nthe first argument of putrequest(). The python-pip package bundles a copy of\npython-urllib3, which was affected by this issue.  The bundled copy was\npatched to fix the issue (CVE-2020-26137).\n",null,[],[],[],[14,16],{"_key":15},"CVE-2019-20916",{"_key":17},"CVE-2020-26137",[],[],[21,22],{"_key":15},{"_key":17},"2021-01-25T15:25:52Z","2026-04-16T04:25:26.654183Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28,34,39,43,47],{"url":29,"sources":30,"tags":32},"https://advisories.mageia.org/MGASA-2021-0054.html",[31],"osv_mageia",[33],"Advisory",{"url":35,"sources":36,"tags":37},"https://bugs.mageia.org/show_bug.cgi?id=27301",[31],[38],"REPORT",{"url":40,"sources":41,"tags":42},"https://bugs.mageia.org/show_bug.cgi?id=27407",[31],[38],{"url":44,"sources":45,"tags":46},"https://ubuntu.com/security/notices/USN-4601-1",[31],[38,33],{"url":48,"sources":49,"tags":50},"https://ubuntu.com/security/notices/USN-4570-1",[31],[38,33],[],[],[],[55],{"ecosystem":56,"name":57,"vendor":58,"product":57,"cpe_part":9,"purl_type":59,"purl_namespace":58,"purl_name":57,"source":9,"versions":60},"Mageia","python-pip","mageia","rpm",[61],{"version":62,"is_range":63,"range_type":64,"version_start":9,"version_start_type":9,"version_end":65,"version_end_type":66,"fixed_in":9},"lt19_0_3_1_3_mga7",true,"ecosystem","19.0.3-1.3.mga7","excluding"]