VulnerableCode Package Details - pkg:deb/ubuntu/python-pip@20.0.2-4

Search for packages

Package details: pkg:deb/ubuntu/python-pip@20.0.2-4

Essentials
History (0)

purl	pkg:deb/ubuntu/python-pip@20.0.2-4

Next non-vulnerable version	20.0.2-5ubuntu1.1
Latest non-vulnerable version	20.0.2-5ubuntu1.1
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-7ghb-wt6a-aaah Aliases: CVE-2020-26137 GHSA-wqvq-5m8c-6g24 PYSEC-2020-148	urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.	20.0.2-5ubuntu1.1 Affected by 0 other vulnerabilities.
VCID-zh88-avv8-aaas Aliases: CVE-2019-20916 GHSA-gpvv-69j7-gwj8 PYSEC-2020-173 PYSEC-2020-192	The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.	20.0.2-5ubuntu1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version