Lucene search
K

11 matches found

OSV
OSV
added 2026/06/01 5:17 p.m.12 views

PYSEC-2026-196

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.4AI score0.00275EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/01 5:17 p.m.59 views

PYSEC-2026-196

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.4AI score0.00275EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/01 5:17 p.m.10 views

PYSEC-0000-CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.5AI score0.00275EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/01 5:17 p.m.12 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS0.00275EPSS
Exploits0References21
Debian CVE
Debian CVE
added 2026/06/01 3:1 p.m.12 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.8AI score0.00275EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/01 3:1 p.m.10 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 3:1 p.m.31 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS0.00275EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:1 p.m.10 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.8AI score0.00275EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/01 3:1 p.m.71 views

CVE-2026-8643

CVE-2026-8643 affects pip: a flaw in how entry-point names in wheel files are handled can cause path traversal and arbitrary file overwrite during wheel installation. Exploitation can overwrite files outside the installation directory. Reports from SUSE, AWS Amazon Linux advisories, and Red Hat r...

8CVSS5.8AI score0.00275EPSS
Exploits0References21Affected Software1
EUVD
EUVD
added 2026/06/01 3:1 p.m.12 views

EUVD-2026-33682

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-45480

Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description pip fails to sanitize the resolved absolute path to the installation directory when treating console scripts and gui scripts as paths rather than file names. This allows entry points to be...

8CVSS5.8AI score0.00275EPSS
Exploits0References35
Rows per page
Query Builder