NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-8643

Summary	pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.
Publication Date	June 2, 2026, 2:17 a.m.
Registration Date	June 2, 2026, 4:18 a.m.
Last Update	June 2, 2026, 3:12 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/pypa/pip/pull/14000	cna@python.org
2	https://mail.python.org/archives/list/security-announce@python.org/thread/YV63UET5D3OOJY7O4M5XCVYO2YM4NBYJ/	cna@python.org

Common Vulnerabilities List