Lucene search
+L

5 matches found

cnnvd
cnnvd
added 2026/04/02 12:0 a.m.11 views

Poetry 路径遍历漏洞

Poetry is an open-source Python tool used for dependency management and packaging. Versions of Poetry from 1.4.0 to 2.3.3 had a path traversal vulnerability. This vulnerability stemmed from custom wheel files that might contain unrestricted paths, allowing arbitrary file writing with the privileg...

7.1CVSS5.9AI score0.00468EPSS
Exploits1References4
bdu_fstec
bdu_fstec
added 2026/03/25 12:0 a.m.2 views

The vulnerability of the command-line tool for working with Wheel files is related to incorrect path name restrictions, which allows attackers to escalate their privileges or execute arbitrary code.

The vulnerability of the command-line tool for working with Wheel files is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability can allow an attacker to increase their privileges or execute arbitrary code...

7.1CVSS7AI score0.00311EPSS
Exploits2References3Affected Software2
redhat
redhat
added 2026/02/18 2:23 a.m.8 views

Important: Red Hat Security Advisory: python3.12-wheel security update

An update for python3.12-wheel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.1CVSS6.8AI score0.00311EPSS
Exploits2References2
fedora
fedora
added 2026/02/01 1:3 a.m.9 views

[SECURITY] Fedora 42 Update: python-wheel-0.45.1-5.fc42

This is a command line tool for manipulating Python wheel files, as defined in PEP 427. It contains the following functionality: - Convert .egg archives into .whl. - Unpack wheel archives. - Repack wheel archives. - Add or remove tags in existing wheel archives...

7.1CVSS5.9AI score0.00311EPSS
Exploits2
debiancve
debiancve
added 2026/01/22 4:2 a.m.6 views

CVE-2026-24049

wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...

7.1CVSS7.5AI score0.00311EPSS
Exploits2
Rows per page
Query Builder