{"id":"PYSEC-2014-11","details":"pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.","aliases":["CVE-2014-8991","GHSA-53mr-44pp-crf4"],"modified":"2023-11-01T04:45:49.576468Z","published":"2014-11-24T15:59:00Z","references":[{"type":"WEB","url":"https://github.com/pypa/pip/pull/2122"},{"type":"WEB","url":"http://www.securityfocus.com/bid/71209"},{"type":"WEB","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/11/19/17"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/11/20/6"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}],"affected":[{"package":{"name":"pip","ecosystem":"PyPI","purl":"pkg:pypi/pip"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.3"},{"fixed":"6.0"}]}],"versions":["1.3","1.3.1","1.4","1.4.1","1.5","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pip/PYSEC-2014-11.yaml"}}],"schema_version":"1.7.3"}