Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pip self-update functionality can import newly installed modules after wheel installation
Vulnerability Description
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pip 安全漏洞
Vulnerability Description
pip是Python Packaging Authority开源的一个Python包安装程序。 pip 26.1之前版本存在安全漏洞,该漏洞源于自更新检查功能在安装wheel文件后运行,可能导致导入已知Python模块。
CVSS Information
N/A
Vulnerability Type
N/A