16 matches found

Tenable Nessus
added 2026/03/29 12:0 a.m., 1 views

openSUSE 16 Security Update : python-black (openSUSE-SU-2026:20417-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20417-1 advisory. - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution bsc1259546. - CVE-2026-32274: arbitrary file writes from...

9.8 CVSS, 6.5 AI score, 0.00089 EPSS
Exploits 0, References 6
RedhatCVE
added 2026/03/26 2:59 p.m., 1 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8 CVSS, 6.5 AI score, 0.00089 EPSS
Exploits 0, References 1
OSV
added 2026/03/24 7:40 p.m., 2 views

SUSE-SU-2026:20928-1 Security update for python-black

This update for python-black fixes the following issues: - CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution bsc1259546. - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...

9.8 CVSS, 6.5 AI score, 0.00089 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/03/13 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for...

9.8 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 3
SUSE CVE
added 2026/03/12 2:3 p.m., 0 views

SUSE CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.8 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 4
NVD
added 2026/03/11 8:16 p.m., 5 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8 CVSS, 0.00089 EPSS
Exploits 0, References 2
OSV
added 2026/03/11 8:16 p.m., 0 views

UBUNTU-CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8 CVSS, 6.4 AI score, 0.00089 EPSS
Exploits 0, References 2
Cvelist
added 2026/03/11 7:15 p.m., 22 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7 CVSS, 0.00089 EPSS
Exploits 0, References 2
Debian CVE
added 2026/03/11 7:15 p.m., 1 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0
CVE
added 2026/03/11 7:15 p.m., 16 views

CVE-2026-31900

CVE-2026-31900 concerns the Black Python code formatter used in a GitHub Action. The vulnerability arises when the action reads the Black version from a repository’s pyproject.toml (use_pyproject: true). A malicious pull request could alter pyproject.toml to reference a direct URL to a malicious ...

9.8 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 2, Affected Software 1
AlpineLinux
added 2026/03/11 7:15 p.m., 2 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 2
OSV
added 2026/03/11 7:15 p.m., 0 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/03/11 7:15 p.m., 1 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/03/11 7:15 p.m., 1 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 2
OSV
added 2026/03/07 2:32 a.m., 2 views

GHSA-V53H-F6M7-XCGM Black's vulnerable version parsing leads to RCE in GitHub Action

Impact Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. Th...

8.7 CVSS, 6.3 AI score, 0.00089 EPSS
Exploits 0, References 4
Cvelist
added 2025/06/16 8:38 p.m., 12 views

CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

9.2 CVSS, 0.00299 EPSS
Exploits 1, References 3