VYPR

rpm package

almalinux/python3-wheel

pkg:rpm/almalinux/python3-wheel

Vulnerabilities (6)

  • CVE-2026-24049Jan 22, 2026
    affected < 1:0.41.2-5.el10_1.1fixed 1:0.41.2-5.el10_1.1

    wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the fil

  • CVE-2024-53899Nov 24, 2024
    affected < 1:0.31.1-3.module_el8.9.0+3700+efebe9fdfixed 1:0.31.1-3.module_el8.9.0+3700+efebe9fd

    virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

  • CVE-2024-5629Jun 5, 2024
    affected < 1:0.31.1-3.module_el8.9.0+3700+efebe9fdfixed 1:0.31.1-3.module_el8.9.0+3700+efebe9fd

    An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.

  • CVE-2022-40898Dec 22, 2022
    affected < 1:0.36.2-8.el9fixed 1:0.36.2-8.el9

    An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

  • CVE-2021-20270Mar 23, 2021
    affected < 1:0.31.1-3.module_el8.5.0+2569+5c5719bcfixed 1:0.31.1-3.module_el8.5.0+2569+5c5719bc

    An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

  • CVE-2021-27291Mar 17, 2021
    affected < 1:0.31.1-3.module_el8.5.0+2569+5c5719bcfixed 1:0.31.1-3.module_el8.5.0+2569+5c5719bc

    In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a