漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Limited path traversal when installing wheel archives
Vulnerability Description
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
pip 安全漏洞
Vulnerability Description
pip是Python Packaging Authority开源的一个Python包安装程序。 pip存在安全漏洞,该漏洞源于安装恶意制作的wheel存档时可能发生路径遍历,可能导致文件被提取到安装目录之外。
CVSS Information
N/A
Vulnerability Type
N/A