cve/2019/CVE-2019-20916.md

### [CVE-2019-20916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20916)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

### POC

#### Reference
- https://github.com/pypa/pip/issues/6413
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html

#### Github
- https://github.com/404notf0und/CVE-Flow
- https://github.com/Viselabs/zammad-google-cloud-docker
- https://github.com/fredrkl/trivy-demo
- https://github.com/noseka1/deep-dive-into-clair
- https://github.com/p-rog/cve-analyser