OESA-2026-2630

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2630
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2630.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2026-2630
Published
2026-06-12T12:25:26Z
Modified
2026-06-12T12:45:05.711197736Z
Summary
python-pip security update
Details

%changelog
* Sat Jul 13 2024 yangyuan <yangyuan32@huawei.com> - 23.3.1-2
- Fix CVE-2023-45803 and CVE-2024-37891

Security Fix(es):

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution. (CVE-2026-8643)

Database specific
{
    "severity": "Medium"
}

Affected packages

openEuler:20.03-LTS-SP4 / python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
20.2.2-20.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "python-pip-help-20.2.2-20.oe2003sp4.noarch.rpm",
        "python-pip-wheel-20.2.2-20.oe2003sp4.noarch.rpm",
        "python2-pip-20.2.2-20.oe2003sp4.noarch.rpm",
        "python3-pip-20.2.2-20.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "python-pip-20.2.2-20.oe2003sp4.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2630.json"