rpm package
almalinux/python3-wheel
pkg:rpm/almalinux/python3-wheel
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24049 | — | | | < 1:0.41.2-5.el10_1.1 | 1:0.41.2-5.el10_1.1 | Jan 22, 2026 | wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the fil |
| CVE-2024-53899 | — | | | < 1:0.31.1-3.module_el8.9.0+3700+efebe9fd | 1:0.31.1-3.module_el8.9.0+3700+efebe9fd | Nov 24, 2024 | virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. |
| CVE-2024-5629 | — | | | < 1:0.31.1-3.module_el8.9.0+3700+efebe9fd | 1:0.31.1-3.module_el8.9.0+3700+efebe9fd | Jun 5, 2024 | An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. |
| CVE-2022-40898 | — | | | < 1:0.36.2-8.el9 | 1:0.36.2-8.el9 | Dec 22, 2022 | An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. |
| CVE-2021-20270 | — | | | < 1:0.31.1-3.module_el8.5.0+2569+5c5719bc | 1:0.31.1-3.module_el8.5.0+2569+5c5719bc | Mar 23, 2021 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. |
| CVE-2021-27291 | — | | | < 1:0.31.1-3.module_el8.5.0+2569+5c5719bc | 1:0.31.1-3.module_el8.5.0+2569+5c5719bc | Mar 17, 2021 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a |