Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1490)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1490 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...