Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01M21yLTQ0cHAtY3JmNM3yaQ

pip lack of randomness in build directory

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

Permalink: https://github.com/advisories/GHSA-53mr-44pp-crf4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01M21yLTQ0cHAtY3JmNM3yaQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 7 months ago

Identifiers: GHSA-53mr-44pp-crf4, CVE-2014-8991
References:

Repository: https://github.com/pypa/pip
Blast Radius: 0.0

Affected Packages

pypi:pip

Dependent packages: 902
Dependent repositories: 35,613
Downloads: 352,870,441 last month
Affected Version Ranges: < 6.0
Fixed in: 6.0
All affected versions: 0.2.1, 0.3.1, 0.5.1, 0.6.1, 0.6.2, 0.6.3, 0.7.1, 0.7.2, 0.8.1, 0.8.2, 0.8.3, 1.0.1, 1.0.2, 1.2.1, 1.3.1, 1.4.1, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6
All unaffected versions: 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.1.0, 6.1.1, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.1.0, 8.1.1, 8.1.2, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 10.0.0, 10.0.1, 19.0.1, 19.0.2, 19.0.3, 19.1.1, 19.2.1, 19.2.2, 19.2.3, 19.3.1, 20.0.1, 20.0.2, 20.1.1, 20.2.1, 20.2.2, 20.2.3, 20.2.4, 20.3.1, 20.3.2, 20.3.3, 20.3.4, 21.0.1, 21.1.1, 21.1.2, 21.1.3, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 21.3.1, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.1.1, 22.1.2, 22.2.1, 22.2.2, 22.3.1, 23.0.1, 23.1.1, 23.1.2, 23.2.1, 23.3.1, 23.3.2