4 matches found
CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via untarwithoutfilter when used with Python versions that do not implement PEP 706 =3.9.17, =3.10.12, =3.11.4, or =3.12, or manually inspecting source distributions before installation. Remediation Upgrade pip to version...
SUSE CVE-2021-21330
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...
DEBIAN-CVE-2021-21330
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...