2 matches found
CVE-2022-40898
The CVE-2022-40898 vulnerability affects Python wheel (PyPA Wheel) 0.37.1 and older. The issue stems from a denial-of-service condition triggered by attacker-controlled input passed to the wheel CLI, allowing remote attackers to exhaust resources. Several connected sources confirm the vulnerabili...
CVE-2026-24049
CVE-2026-24049 affects the Python wheel tool. In versions 0.40.0–0.46.1, the unpack function mishandles file permissions after extraction by naively using the archive header filename for chmod, potentially allowing a malicious wheel to modify permissions on sensitive files (e.g., /etc/passwd, SSH...