2 matches found
Improper Validation of Syntactic Correctness of Input
Overview uv is an An extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in ZIP archives filenames processing. An attacker can cause malicious code to be executed or files to ...
GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...