5 matches found
Poetry 路径遍历漏洞
Poetry is an open-source Python tool used for dependency management and packaging. Versions of Poetry from 1.4.0 to 2.3.3 had a path traversal vulnerability. This vulnerability stemmed from custom wheel files that might contain unrestricted paths, allowing arbitrary file writing with the privileg...
The vulnerability of the command-line tool for working with Wheel files is related to incorrect path name restrictions, which allows attackers to escalate their privileges or execute arbitrary code.
The vulnerability of the command-line tool for working with Wheel files is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability can allow an attacker to increase their privileges or execute arbitrary code...
Important: Red Hat Security Advisory: python3.12-wheel security update
An update for python3.12-wheel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
[SECURITY] Fedora 42 Update: python-wheel-0.45.1-5.fc42
This is a command line tool for manipulating Python wheel files, as defined in PEP 427. It contains the following functionality: - Convert .egg archives into .whl. - Unpack wheel archives. - Repack wheel archives. - Add or remove tags in existing wheel archives...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...