17 matches found
CVE-2026-42301
A flaw was found in pyp2spec, a tool that generates Fedora RPM spec files for Python projects. This vulnerability allows a malicious Python Package Index (PyPI) package to execute arbitrary commands on a build machine. This occurs because pyp2spec writes PyPI package metadata, such as the summary...
CVE-2026-42301
pyp2spec generates a working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata, e.g. the summary field, into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec
pyp2spec generates a working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata, e.g. the summary field, into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
CVE-2026-42301
CVE-2026-42301 affects pyp2spec. Prior to v0.14.1, it wrote PyPI metadata (e.g., summary) into the generated Fedora RPM spec file without escaping RPM macro directives, allowing a local attacker to execute arbitrary commands during rpmbuild. The issue is patched in v0.14.1; upgrade to 0.14.1 or l...
CVE-2026-42301
pyp2spec generates a working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata, e.g. the summary field, into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec
pyp2spec generates a working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata, e.g. the summary field, into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...
pyp2spec Input Validation Error Vulnerability
pyp2spec is a Python tool by individual developer Karolina Surma for generating Fedora RPM specification files. An input validation error vulnerability exists in pyp2spec versions prior to 0.14.1, which stems from the failure to escape RPM macro commands when generating a spec file, which...
pyp2spec is Vulnerable to Code Injection
Impact: pyp2spec was writing PyPI package metadata, e.g. the summary field, into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...
Arbitrary Code Injection
Overview: pyp2spec generates a valid Fedora specfile from a Python package from PyPI. Affected versions of this package are vulnerable to Arbitrary Code Injection in the process of writing package metadata into the generated spec file without escaping RPM macro directives. An attacker can execute...
PT-2026-37196
Name of the Vulnerable Software and Affected Versions: pyp2spec versions prior to 0.14.1. Description: pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...
[SECURITY] Fedora 44 Update: pyp2spec-0.14.1-1.fc44
pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...
[SECURITY] Fedora 43 Update: pyp2spec-0.14.1-1.fc43
pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...
[SECURITY] Fedora 42 Update: pyp2spec-0.14.1-1.fc42
pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...
Fedora 43 : pyp2spec (2026-1f68c09a18)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1f68c09a18 advisory. Added sanitization of inputs of the metadata fields. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 44 : pyp2spec (2026-4a8ed954a6)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4a8ed954a6 advisory. Added sanitization of inputs of the metadata fields. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 42 : pyp2spec (2026-91671b8061)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-91671b8061 advisory. Automatic update for pyp2spec-0.14.1-1.fc42. Changelog for pyp2spec Tue Apr 21 2026 Packit - 0.14.1-1 - Update to 0.14.1 upstream release - Resolves:...
Fedora 45 : pyp2spec (2026-9ba2d85db0)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9ba2d85db0 advisory. Automatic update for pyp2spec-0.14.1-1.fc45. Changelog Tue Apr 21 2026 Packit - 0.14.1-1 - Update to 0.14.1 upstream release - Resolves: rhbz2460051 -...