Lucene search
K

4 matches found

EUVD
EUVD
added 2025/10/29 10:12 p.m.5 views

EUVD-2025-36724

uv allows ZIP payload obfuscation through parsing differentials...

6.4AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/29 10:12 p.m.35 views

uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...

6.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/07 8:52 p.m.3 views

GHSA-8QF3-X8V5-2PJ8 uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

6.8CVSS7.3AI score0.00196EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/08/07 8:52 p.m.10 views

uv allows ZIP payload obfuscation through parsing differentials

Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP...

6.8CVSS6.4AI score0.00196EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder