GHSA-4xh5-x5gv-qwph

Suggest an improvement
Source
https://github.com/advisories/GHSA-4xh5-x5gv-qwph
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-4xh5-x5gv-qwph/GHSA-4xh5-x5gv-qwph.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4xh5-x5gv-qwph
Aliases
Downstream
Published
2025-09-24T15:31:14Z
Modified
2025-09-26T18:37:20.745725Z
Severity
  • 5.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
Details

Summary

In the fallback extraction path for source distributions, pip used Python’s tarfile module without verifying that symbolic/hard link targets resolve inside the intended extraction directory. A malicious sdist can include links that escape the target directory and overwrite arbitrary files on the invoking host during pip install.

Impact

Successful exploitation enables arbitrary file overwrite outside the build/extraction directory on the machine running pip. This can be leveraged to tamper with configuration or startup files and may lead to further code execution depending on the environment, but the direct, guaranteed impact is integrity compromise on the vulnerable system.

Conditions

The issue is triggered when installing an attacker-controlled sdist (e.g., from an index or URL) and the fallback extraction code path is used. No special privileges are required beyond running pip install; active user action is necessary.

Remediation

Upgrade to pip 25.2 or later, which validates member paths and rejects unsafe link targets. Using a Python interpreter that implements the safe-extraction behavior described by PEP 706 provides additional defense in depth for other tarfile issues but is not a substitute for upgrading pip for this specific flaw.

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-24T20:04:58Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-59"
    ],
    "nvd_published_at": "2025-09-24T15:15:41Z"
}
References

Affected packages

PyPI / pip

Package

Name
pip
View open source insights on deps.dev
Purl
pkg:pypi/pip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.2

Affected versions

0.*

0.2
0.2.1
0.3
0.3.1
0.4
0.5
0.5.1
0.6
0.6.1
0.6.2
0.6.3
0.7
0.7.1
0.7.2
0.8
0.8.1
0.8.2
0.8.3

1.*

1.0
1.0.1
1.0.2
1.1
1.2
1.2.1
1.3
1.3.1
1.4
1.4.1
1.5
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6

6.*

6.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.1.0
6.1.1

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.1.1
7.1.2

8.*

8.0.0
8.0.1
8.0.2
8.0.3
8.1.0
8.1.1
8.1.2

9.*

9.0.0
9.0.1
9.0.2
9.0.3

10.*

10.0.0b1
10.0.0b2
10.0.0
10.0.1

18.*

18.0
18.1

19.*

19.0
19.0.1
19.0.2
19.0.3
19.1
19.1.1
19.2
19.2.1
19.2.2
19.2.3
19.3
19.3.1

20.*

20.0
20.0.1
20.0.2
20.1b1
20.1
20.1.1
20.2b1
20.2
20.2.1
20.2.2
20.2.3
20.2.4
20.3b1
20.3
20.3.1
20.3.2
20.3.3
20.3.4

21.*

21.0
21.0.1
21.1
21.1.1
21.1.2
21.1.3
21.2
21.2.1
21.2.2
21.2.3
21.2.4
21.3
21.3.1

22.*

22.0
22.0.1
22.0.2
22.0.3
22.0.4
22.1b1
22.1
22.1.1
22.1.2
22.2
22.2.1
22.2.2
22.3
22.3.1

23.*

23.0
23.0.1
23.1
23.1.1
23.1.2
23.2
23.2.1
23.3
23.3.1
23.3.2

24.*

24.0
24.1b1
24.1b2
24.1
24.1.1
24.1.2
24.2
24.3
24.3.1

25.*

25.0
25.0.1
25.1
25.1.1