Lucene search

4 matches found

SUSE CVE
added 2025/08/08 11:22 p.m., 3 views

SUSE CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00183
Exploits: 0, References: 3
AlpineLinux
added 2025/08/08 12:15 a.m., 4 views

CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS: 6.8, AI score: 6.9, EPSS: 0.00183
Exploits: 0, References: 4
Vulnrichment
added 2025/08/08 12:0 a.m., 3 views

CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00183
Exploits: 0, References: 4
OSV
added 2025/08/07 8:52 p.m., 3 views

GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials

Impact: In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

CVSS: 6.8, AI score: 7.3, EPSS: 0.00183
Exploits: 0, References: 6