Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
- https://github.com/pypa/pip/issues/6413
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/404notf0und/CVE-Flow
- https://github.com/Anna-Rafaella/Conteneurisation
- https://github.com/Viselabs/zammad-google-cloud-docker
- https://github.com/fredrkl/trivy-demo
- https://github.com/noseka1/deep-dive-into-clair
- https://github.com/p-rog/cve-analyser
- https://github.com/rjmfernandes/cp-connect-custom-image
- https://github.com/rsys-fchaliss/hebe