17 matches found
Amazon Linux 2023 : python3.12-wheel, python3.12-wheel-wheel (ALAS2023-2026-1410)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1410 advisory. wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through...
Amazon Linux 2023 : python3.13-wheel, python3.13-wheel-wheel (ALAS2023-2026-1414)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1414 advisory. wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through...
[SECURITY] Fedora 43 Update: python-wheel-0.45.1-20.fc43
This is a command line tool for manipulating Python wheel files, as defined in PEP 427. It contains the following functionality: - Convert .egg archives into .whl. - Unpack wheel archives. - Repack wheel archives. - Add or remove tags in existing wheel archives...
SUSE CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
FreeBSD : wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (65439aa0-f77d-11f0-9821-b0416f0c4c67)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 65439aa0-f77d-11f0-9821-b0416f0c4c67 advisory. https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line...
ALPINE-CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049 wheel Allows Arbitrary File Permission Modification via Path Traversal
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
CVE-2026-24049 affects the Python wheel tool. In versions 0.40.0–0.46.1, the unpack function mishandles file permissions after extraction by naively using the archive header filename for chmod, potentially allowing a malicious wheel to modify permissions on sensitive files (e.g., /etc/passwd, SSH...
CVE-2026-24049 wheel Allows Arbitrary File Permission Modification via Path Traversal
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
Wheel security vulnerabilities
“wheel” is a command-line tool open-sourced by Python Packaging Authority. Versions of “wheel” prior to 0.46.1 contain security vulnerabilities. These vulnerabilities stem from the error handling of file permissions by the decompression function after extracting files, which may lead to privilege...
Linux Distros Unpatched Vulnerability : CVE-2026-24049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to...
python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli
An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...