Lucene search
K

6 matches found

OSV
OSV
added 2026/06/02 1:37 p.m.5 views

SUSE-SU-2026:22018-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2026-3219: concatenated tar and ZIP files are handled as ZIP files, resulting in possibly obfuscated malicious code bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation,...

5.3CVSS6.8AI score0.0039EPSS
Exploits1References6
Amazon
Amazon
added 2026/05/26 12:0 a.m.14 views

Low: python3.13-pip

Issue Overview: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior...

4.6CVSS6.2AI score0.00144EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/21 12:21 p.m.6 views

SUSE CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

3.3CVSS5.7AI score0.00144EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/20 5:26 p.m.7 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload due to concatenating tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. An attacker can cause unintended files to be installed by supplying a specially crafted archi...

5CVSS5.3AI score0.00144EPSS
Exploits0References2
NVD
NVD
added 2026/04/20 4:16 p.m.5 views

CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS0.00144EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/20 4:16 p.m.6 views

CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.8AI score0.00144EPSS
Exploits0References3
Rows per page
Query Builder