Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/02/27 9:30 a.m.17 views

uv has ZIP payload obfuscation through parsing differentials

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

6.3CVSS5.9AI score0.0015EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/02/27 9:30 a.m.10 views

EUVD-2025-208130

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

6.3CVSS5.9AI score0.0015EPSS
Exploits0References6
OSV
OSV
added 2026/02/27 7:30 a.m.3 views

CVE-2025-13327 Uv: uv: specially crafted zip archives lead to arbitrary code execution due to parsing differentials

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...

6.3CVSS6AI score0.0015EPSS
Exploits0References8
OSV
OSV
added 2025/08/07 8:52 p.m.3 views

GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

6.8CVSS7.3AI score0.00196EPSS
Exploits0References6
Rows per page
Query Builder