USN-4601-1: pip vulnerability
22 October 2020
pip could be made to overwrite files as the administrator.
- python-pip - Python package installer
It was discovered that pip did not properly sanitize the filename during
pip install. A remote attacker could possible use this issue to read and
write arbitrary files on the host filesystem as root, resulting in a
directory traversal attack. (CVE-2019-20916)