665 matches found
a2ml (>=0.1.0 <=0.1.2), aadetools (>=0.0.3 <=0.0.5) +628 more potentially affected by CVE-2022-40898 via wheel (>=0.24.0 <=0.38.0)
wheel PYPI version =0.24.0, =0.1.0, =0.0.3, =0.1.1, =0.1.0, =1.0.0, =0.14.0, =1.4.6, =1.0.1, =1.0.17, =3.9.0, =2.4.1, =0.0.1, =1.0.1 and more Source cves: CVE-2022-40898 Source advisory: OSV:PYSEC-2022-43017...
PYSEC-2022-43017
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
Input validation
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
PYSEC-2022-43017
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
UBUNTU-CVE-2022-40898
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
Python security vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python Packaging Authority PyPA Wheel version 0.37.1 and earlier. An attacker c...
CVE-2022-40898
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
CVE-2022-40898
The CVE-2022-40898 vulnerability affects Python wheel (PyPA Wheel) 0.37.1 and older. The issue stems from a denial-of-service condition triggered by attacker-controlled input passed to the wheel CLI, allowing remote attackers to exhaust resources. Several connected sources confirm the vulnerabili...
CVE-2022-40898
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
CVE-2022-40898
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...
PT-2022-7152 · Python Packaging Authority +7 · Wheel +7
Name of the Vulnerable Software and Affected Versions: Python Packaging Authority PyPA Wheel versions 0.37.1 and earlier Description: The issue is related to an uncontrolled resource consumption in the Python Packaging Authority PyPA Wheel, which can be exploited by a remote attacker to cause a...
A vulnerability in the implementation of the salt.wheel.pillar_roots.write method in SaltStack Salt, a configuration management and remote execution system, allows an attacker to disclose sensitive information.
The vulnerability in the salt.wheel.pillar_roots.write method in SaltStack Salt, a configuration management and remote execution system, is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to expose...
Warning: PyPI Feature Executes Code Automatically After Python Package Download
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically...
python-virtualenv security update
15.1.0-7 - Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz1868135...
GHSA-XXW3-765M-F37P SaltStack Salt Improper Authentication vulnerability
An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master...
SUSE-SU-2022:1454-1 Security update for python-pip
This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package bsc1176262, CVE-2019-20916. - Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %bindi...
WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin <= 1.0.10 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin (versions <= 1.0.10). Solution: Update the WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin to the latest available version (at least 1.0.11)...
WordPress WP Optin Wheel plugin <= 1.3.4 - Subscribe+ Plugin Options Update (Toggle Wheel status, Update wheels) vulnerability
Subscribe+ Plugin Options Update (Toggle Wheel status, Update wheels) vulnerability discovered in WordPress WP Optin Wheel plugin (versions <= 1.3.4). Solution: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5)...
WordPress WP Optin Wheel plugin <= 1.3.4 - Information Disclosure vulnerability (Mailchimp lists, logs)
Information Disclosure vulnerability (Mailchimp lists, logs) discovered in WordPress WP Optin Wheel plugin (versions <= 1.3.4). Solution: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5)...
WordPress WP Optin Wheel plugin <= 1.3.4 - Subscriber+ Arbitrary Delete Wheels or Posts vulnerability
Subscriber+ Arbitrary Delete Wheels or Posts vulnerability discovered in WordPress WP Optin Wheel plugin (versions <= 1.3.4). Solution: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5)...