It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. (CVE-2019-20916)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "9.0.1-2.3~ubuntu1.18.04.4", "binary_name": "python-pip" }, { "binary_version": "9.0.1-2.3~ubuntu1.18.04.4", "binary_name": "python-pip-whl" }, { "binary_version": "9.0.1-2.3~ubuntu1.18.04.4", "binary_name": "python3-pip" } ] }