Lucene search

4 matches found

RedhatCVE
added 2025/09/24 8:15 p.m., 2 views

CVE-2025-8869

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

CVSS 5.9, AI score 6.6, EPSS 0.00438
Exploits: 0, References: 5
Snyk
added 2025/09/24 3:31 p.m., 3 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via _untar_without_filter when used with Python versions that do not implement PEP 706 >=3.9.17, >=3.10.12, >=3.11.4, or >=3.12, or manually inspecting source distributions before installation. Remediation: Upgrade pip to version...

CVSS 5.9, AI score 6.9, EPSS 0.00438
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 3:46 a.m., 1 views

SUSE CVE-2021-21330

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...

CVSS 8.2, AI score 8.6, EPSS 0.01905
Exploits: 0, References: 5
OSV
added 2021/02/26 3:15 a.m., 1 views

DEBIAN-CVE-2021-21330

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...

CVSS 6.1, AI score 6.8, EPSS 0.01905
Exploits: 0, References: 1