17 matches found
EulerOS Virtualization 2.13.0 : python-requests (EulerOS-SA-2026-2417)
According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...
EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)
According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-requests (SUSE-SU-2026:1647-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1647-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives a...
SUSE-SU-2026:1647-1 Security update for python-requests
This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...
OESA-2026-1909 python-pip security update
%changelog Fri Feb 13 2026 Linuxzhang [email protected] - 23.3.1-9 - Fix CVE-2026-21441 Security Fixes: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system...
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
...
UBUNTU-CVE-2026-25645
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-25645
The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...
Insecure Temporary File
Overview Affected versions of this package are vulnerable to Insecure Temporary File via the extractzippedpaths function. An attacker can leverage unauthorized file replacement by pre-creating a malicious file in the system's temporary directory prior to extraction. Note: Only applications that...
GHSA-GC5V-M9X4-R6X2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Impact The requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could...
EUVD-2026-15754
Requests has Insecure Temp File Reuse in its extractzippedpaths utility function...