Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01M21yLTQ0cHAtY3JmNM3yaQ
pip lack of randomness in build directory
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-*
file for another user.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01M21yLTQ0cHAtY3JmNM3yaQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 7 months ago
Identifiers: GHSA-53mr-44pp-crf4, CVE-2014-8991
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-8991
- https://github.com/pypa/pip/pull/2122
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847
- http://www.openwall.com/lists/oss-security/2014/11/19/17
- http://www.openwall.com/lists/oss-security/2014/11/20/6
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.securityfocus.com/bid/71209
- https://github.com/pypa/pip/commit/043fe9f5700315d97f83609c1f59deece8f1b901
- https://github.com/advisories/GHSA-53mr-44pp-crf4
Blast Radius: 0.0
Affected Packages
pypi:pip
Dependent packages: 902Dependent repositories: 35,613
Downloads: 352,870,441 last month
Affected Version Ranges: < 6.0
Fixed in: 6.0
All affected versions: 0.2.1, 0.3.1, 0.5.1, 0.6.1, 0.6.2, 0.6.3, 0.7.1, 0.7.2, 0.8.1, 0.8.2, 0.8.3, 1.0.1, 1.0.2, 1.2.1, 1.3.1, 1.4.1, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6
All unaffected versions: 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.1.0, 6.1.1, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.1.0, 8.1.1, 8.1.2, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 10.0.0, 10.0.1, 19.0.1, 19.0.2, 19.0.3, 19.1.1, 19.2.1, 19.2.2, 19.2.3, 19.3.1, 20.0.1, 20.0.2, 20.1.1, 20.2.1, 20.2.2, 20.2.3, 20.2.4, 20.3.1, 20.3.2, 20.3.3, 20.3.4, 21.0.1, 21.1.1, 21.1.2, 21.1.3, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 21.3.1, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.1.1, 22.1.2, 22.2.1, 22.2.2, 22.3.1, 23.0.1, 23.1.1, 23.1.2, 23.2.1, 23.3.1, 23.3.2