GHSA-VXCF-C7MX-PG53 Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

PT-2024-40490 · Pypi · Pyo3

Name of the Vulnerable Software and Affected Versions: PyO3 versions 0.23.0 through 0.23.2 Description: The issue arises from a regression in the PYO3 CONFIG FILE environment variable, which is used to configure builds. This regression causes PyO3 to fail to reconfigure and recompile when the...