漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
pip doesn't reject concatenated ZIP and tar archives
Vulnerability Description
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pip 安全漏洞
Vulnerability Description
pip是Python Packaging Authority开源的一个Python包安装程序。 pip存在安全漏洞,该漏洞源于将连接的tar和ZIP文件视为ZIP文件,可能导致安装行为混乱。
CVSS Information
N/A
Vulnerability Type
N/A