30 matches found
python3.14-pip security update
An update is available for python3.14-pip. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...
python3.14-pip security update
An update is available for python3.14-pip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...
python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...
SUSE-SU-2026:2758-1 Security update for python-pip
This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation bsc1263442...
SUSE SLED15 / SLES15 Security Update : python-pip (SUSE-SU-2026:2634-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2634-1 advisory. This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP...
SUSE-SU-2026:2634-1 Security update for python-pip
This update for python-pip fixes the following issues - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-6357: pip self-update functionality can import newly installed modules after wheel installation bsc1263442. - CVE-2026-8643: path traversal via malicious entry point...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1840)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1840 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
SUSE-SU-2026:22300-1 Security update for python-pip
This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...
OPENSUSE-SU-2026:20993-1 Security update for python-pip
This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...
PDM wheel installation leads to Path Traversal via overridden write_to_fs
InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...
uv is vulnerable to arbitrary file write through entry point names
Impact In versions of uv prior to 0.11.15, when installing a distribution containing an entry point specification under consolescripts or guiscripts, uv would place the generated entry point according to the given name even if doing so resulted in a path outside of the environment's scripts...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3317 (ALAS-2026-3317)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3317 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred ...
Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1653)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1653 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1654)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1654 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...
pip self-update functionality can import newly installed modules after wheel installation
...
SUSE CVE-2026-6357
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...
Linux Distros Unpatched Vulnerability : CVE-2026-6357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These...
pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...