Amazon Linux 2023 : python3-click (ALAS2023-2026-1854)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1854 advisory. Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account. CVE-2026-72...

python311-click-8.3.3-2.1 on GA media (moderate)

python311-click-8.3.3-2.1 on GA media Announcement ID: openSUSE-SU-2026:10760-1 Rating: moderate Cross-References: CVE-2026-7246 CVSS scores: CVE-2026-7246 SUSE : 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2026-7246 SUSE : 5.4...

OPENSUSE-SU-2026:10760-1 python311-click-8.3.3-2.1 on GA media

These are all security issues fixed in the python311-click-8.3.3-2.1 package on the GA media of openSUSE Tumbleweed...

Command Injection

Click is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled input in the click.edit function, allowing attackers to inject and execute arbitrary operating system commands from an unprivileged account...

UBUNTU-CVE-2015-8768

click/install.py in click does not require files in package filesystem tarballs to start with ./ dot slash, which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...