python39-pip (SUSE:Linux Enterprise Module for Basesystem 15 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP3 package python39-pip, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2019-20916 — CVSS 7.5 (high): The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition…
CVE-2015-2296 — CVSS 6.8 (medium): The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks…
CVE-2013-5123 — CVSS 5.9 (medium): The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows…
CVE-2021-3572 — CVSS 5.7 (medium): A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue…
CVE-2014-8991 — CVSS 2.1 (low): pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-*…