4 matches found
AZL-77826 CVE-2026-24049 affecting package python-virtualenv 20.36.1-1
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
UBUNTU-CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
CVE-2026-24049 affects the Python wheel tool. In versions 0.40.0–0.46.1, the unpack function mishandles file permissions after extraction by naively using the archive header filename for chmod, potentially allowing a malicious wheel to modify permissions on sensitive files (e.g., /etc/passwd, SSH...