Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.4 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2025-3023 (ALAS-2025-3023)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3023 advisory. When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.Note that upgrading pip to a fixed version for this...

5.9CVSS7.4AI score0.00438EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/09/25 11:28 p.m.4 views

SUSE CVE-2025-8869

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9CVSS6.9AI score0.00438EPSS
Exploits0References3
OSV
OSV
added 2025/09/24 3:15 p.m.7 views

AZL-67788 CVE-2025-8869 affecting package python-pip for versions less than 24.2-4

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...

5.9CVSS7.2AI score0.00438EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-39265

Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description An issue exists in pip where it may not properly check symbolic links when extracting tar archives if the tarfile module does not implement PEP 706. This can occur when using Python versions that...

8.9CVSS6.8AI score0.0068EPSS
Exploits0References59
Rows per page
Query Builder