VYPR

rpm package

suse/python-pip&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP4

pkg:rpm/suse/python-pip&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Vulnerabilities (3)

  • CVE-2026-1703 | Low | Feb 2, 2026
    affected < 22.3.1-150400.17.19.1 | fixed 22.3.1-150400.17.19.1

    When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situat

  • CVE-2023-28859 | Mar 26, 2023
    affected < 22.3.1-150400.17.16.4 | fixed 22.3.1-150400.17.16.4

    redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio

  • CVE-2023-28858 | Mar 26, 2023
    affected < 22.3.1-150400.17.16.4 | fixed 22.3.1-150400.17.16.4

    redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT