OESA-2026-2631

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2631
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2631.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2631
Upstream
  • CVE-2026-8643
Published
2026-06-12T12:25:27Z
Modified
2026-06-12T12:45:05.994555907Z
Summary
python-pip security update
Details

%changelog * Sat Jul 13 2024 yangyuan <yangyuan32@huawei.com> - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891

Security Fix(es):

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution. (CVE-2026-8643)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
21.3.1-19.oe2203sp4

Ecosystem specific

{
    "src": [
        "python-pip-21.3.1-19.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "python-pip-help-21.3.1-19.oe2203sp4.noarch.rpm",
        "python-pip-wheel-21.3.1-19.oe2203sp4.noarch.rpm",
        "python3-pip-21.3.1-19.oe2203sp4.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2631.json"