USN-4601-1: pip vulnerability

  • Thread starter Ubuntu security notices
  • Start date
U

Ubuntu security notices

Guest
It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. (CVE-2019-20916)

Continue reading...
 
Top