Lucene search
K

8 matches found

OSV
OSV
added 2026/06/12 1:57 p.m.4 views

SUSE-SU-2026:2387-1 Security update for python

This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-4786: Incomplete...

9.1CVSS7AI score0.00579EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.16 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/05 3:8 p.m.7 views

CVE-2026-6357

A flaw was found in pip. Prior to version 26.1, pip's self-update check functionality would execute after installing wheel packages. This process involved importing newly installed Python modules. A malicious actor could craft a specially designed wheel package that, when installed, could lead to...

5.8CVSS6.1AI score0.00138EPSS
Exploits0References5
NVD
NVD
added 2026/04/27 3:16 p.m.5 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS0.00138EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 3:16 p.m.3 views

UBUNTU-CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References3
CVE
CVE
added 2026/04/27 2:19 p.m.48 views

CVE-2026-6357

CVE-2026-6357 affects pip prior to 26.1, where a self-update check would run after wheel installation and could import recently installed Python modules. The root cause is that imports of certain well-known module names were deferred to speed up CLI startup, allowing a wheel install to trigger im...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:19 p.m.3 views

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/27 2:19 p.m.5 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.3AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder