2 matches found
PT-2026-48601
Name of the Vulnerable Software and Affected Versions pdm versions prior to 2.28.0 Description The write to fs function in the InstallDestination class fails to properly validate file paths when adding symlink or hardlink support. It replaces the secure path with destdir method, which uses...
UBUNTU-CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...