Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:22 a.m.6 views

Security Bulletin: Symlink Traversal Vulnerability in pip Tar Extraction Fallback on Pre-PEP 706 Python Versions, watsonx.data

Summary A vulnerability in pip allows improper handling of symbolic links during tar extraction on older Python versions without PEP 706, potentially leading to path traversal outside the intended directory; updating pip and Python mitigates the risk. This can affect watsonx.data. Vulnerability...

5.9CVSS6.8AI score0.00438EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/09/24 3:31 p.m.1 views

GHSA-4XH5-X5GV-QWPH pip's fallback tar extraction doesn't check symbolic links point to extraction directory

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9CVSS7.9AI score0.00438EPSS
Exploits0References7
OSV
OSV
added 2025/09/24 3:15 p.m.7 views

AZL-67788 CVE-2025-8869 affecting package python-pip for versions less than 24.2-4

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9CVSS7.2AI score0.00438EPSS
Exploits0References1
OSV
OSV
added 2025/09/24 3:15 p.m.4 views

UBUNTU-CVE-2025-8869

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9CVSS7.1AI score0.00438EPSS
Exploits0References4
Rows per page
Query Builder