CVE-2019-20916

Public Exploit

Description

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

References

Link	Tags
https://github.com/pypa/pip/issues/6413	patch exploit
https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace	patch
https://github.com/pypa/pip/compare/19.1.1...19.2	patch
https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html	third party advisory mailing list
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html	mailing list third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html	mailing list third party advisory vendor advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	third party advisory patch
https://www.oracle.com/security-alerts/cpujul2022.html	third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2019-20916?: CVE-2019-20916 has been scored as a high severity vulnerability.
How to fix CVE-2019-20916?: To fix CVE-2019-20916, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-20916 being actively exploited in the wild?: It is possible that CVE-2019-20916 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions