VYPR

apk package

wolfi/aws-cli-2

pkg:apk/wolfi/aws-cli-2

Vulnerabilities (4)

  • CVE-2026-44432HigMay 13, 2026
    affected < 2.34.55-r0fixed 2.34.55-r0

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w

  • CVE-2026-44431MedMay 13, 2026
    affected < 2.34.55-r0fixed 2.34.55-r0

    urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

  • CVE-2026-24049Jan 22, 2026
    affected < 2.33.1-r0fixed 2.33.1-r0

    wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the fil

  • CVE-2025-47273May 17, 2025
    affected < 2.27.60-r1fixed 2.27.60-r1

    setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on