Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1530)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1530 advisory. When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation...