4 matches found
Amazon Linux 2 : python-pip, --advisory ALAS2-2025-3023 (ALAS-2025-3023)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3023 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.Note that upgrading pip to a fixed version for this...
SUSE CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
AZL-67788 CVE-2025-8869 affecting package python-pip for versions less than 24.2-4
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
PT-2025-39265
Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description An issue exists in pip where it may not properly check symbolic links when extracting tar archives if the tarfile module does not implement PEP 706. This can occur when using Python versions that...