CVSS: 8.0EPSS: 0%CPEs: 7EXPL: 1CVE-2019-20916 – python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
https://notcve.org/view.php?id=CVE-2019-20916
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. El paquete pip versiones anteriores a 19.2 para Python, permite un Salto de Directorio cuando una URL es proporcionada en un comando de instalación, porque un encabezado Content-Disposition puede tener ../ en un nombre de archivo, como es demostrado al sobrescribir el archivo /root/.ssh/authorized_keys. Esto ocurre en la función _download_http_url en el archivo _internal/download.py A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace https://github.com/pypa/pip/compare/19.1.1...19.2 https://github.com/pypa/pip/issues/6413 https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.ht • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1747 – PyYAML: arbitrary command execution through python/object/new when FullLoader is used
https://notcve.org/view.php?id=CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. Se descubrió una vulnerabilidad en la biblioteca PyYAML versiones anteriores a 5.3.1, donde es susceptible a una ejecución de código arbitraria cuando procesa archivos YAML no seguros por medio del método full_load o con el cargador FullLoader. Las aplicaciones que usan la biblioteca para procesar entradas no seguras pueden ser vulnerables a este fallo. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747 https://github.com/yaml/pyyaml/pull/386 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY https://lists.fedoraproject&# • CWE-20: Improper Input Validation •