rpm package
almalinux/python3.14-pip-wheel
pkg:rpm/almalinux/python3.14-pip-wheel
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-8643 | Med | 5.5 | < 25.2-3.el10_2.5 | 25.2-3.el10_2.5 | Jun 1, 2026 | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory. |
- affected < 25.2-3.el10_2.5fixed 25.2-3.el10_2.5
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.