Closed. SVilgelm closed this issue 4 years ago.
@ken-duck Could you take a look at this issue?
Ewf. Sorry for the delay. I am on it.
Sorry for the delay and thanks for the heads up. The fix is in and you should see the new data sometime tomorrow, all going well.
@ken-duck I see that the issue has a range now (,19.3.0)
But the ossaudit tool still shows this issue:
+--------------------------------------+------------+---------+-----+------------+---------------------------------------+--------------------------------------+
| e4c955a3-2004-472e-920b-783fea46c3cd | pip | 20.0.2 | | 3.6 | CWE-22: Improper Limitation of a | The software uses external input to |
| | | | | | Pathname to a Restricted Directory | construct a pathname that is |
| | | | | | ('Path Traversal') | intended to identify a file or |
| | | | | | | directory that is located underneath |
| | | | | | | a restricted parent directory, but |
| | | | | | | the software does not properly |
| | | | | | | neutralize special elements within |
| | | | | | | the pathname that can cause the |
| | | | | | | pathname to resolve to a location |
| | | | | | | that is outside of the restricted |
| | | | | | | directory. |
+--------------------------------------+------------+---------+-----+------------+---------------------------------------+--------------------------------------+
I'm sorry, the problem went away when I removed the cache file :)
Great news! Thanks.
Vulnerability URL
Description: The fix was merged on Sep 26, 2019: https://github.com/pypa/pip/pull/6313 and it has been released in version 19.3