VYPR

rpm package

suse/python-pip&distro=SUSE Linux Enterprise Server for SAP applications 16.0

pkg:rpm/suse/python-pip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Vulnerabilities (3)

  • CVE-2026-6357MedApr 27, 2026
    affected < 25.0.1-160000.4.1fixed 25.0.1-160000.4.1

    pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update funct

  • CVE-2026-3219MedApr 20, 2026
    affected < 25.0.1-160000.4.1fixed 25.0.1-160000.4.1

    pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior

  • CVE-2026-1703LowFeb 2, 2026
    affected < 25.0.1-160000.3.1fixed 25.0.1-160000.3.1

    When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situat