cve/CVE-2019-20916.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

POC

Reference

https://github.com/pypa/pip/issues/6413
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html

Github

https://github.com/404notf0und/CVE-Flow
https://github.com/Viselabs/zammad-google-cloud-docker
https://github.com/fredrkl/trivy-demo
https://github.com/noseka1/deep-dive-into-clair
https://github.com/p-rog/cve-analyser

1.0 KiB Raw Blame History

CVE-2019-20916

Description

POC

Reference

Github

1.0 KiB

Raw Blame History