Package details: pkg:deb/ubuntu/python-pip@20.0.2-5ubuntu1
purl: pkg:deb/ubuntu/python-pip@20.0.2-5ubuntu1
Next non-vulnerable version: 20.0.2-5ubuntu1.1
Latest non-vulnerable version: 20.0.2-5ubuntu1.1
Risk: 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-7ghb-wt6a-aaah
Aliases: CVE-2020-26137, GHSA-wqvq-5m8c-6g24, PYSEC-2020-148
Summary: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Fixed by: 20.0.2-5ubuntu1.1 (Affected by 0 other vulnerabilities.)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-zh88-avv8-aaas
Aliases: CVE-2019-20916, GHSA-gpvv-69j7-gwj8, PYSEC-2020-173, PYSEC-2020-192
Summary: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
