CNNVD-202509-1126 Information
CNNVD ID
CNNVD-202509-1126
Related CVE
- CNNVD Published: 2025-09-09
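Description (translated from Chinese)
PyInstaller is a Python library from the Python Foundation that analyzes your code to discover all the other modules and libraries your script needs in order to execute. Versions of PyInstaller before 6.0.0 contain a code injection vulnerability caused by improper handling of sys.path, which may lead to arbitrary code execution.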
Description (English)
PyInstaller is a Python library of the Python Foundation that analyzes your code to find all the other modules and libraries your script needs in order to run. Versions prior to PyInstaller 6.0.0 contain a code injection vulnerability that stems from improper handling of sys.path and could lead to arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Code injection
Affected Vendor
Python
Published
2025-09-09
Last Modified
2026-02-24
References
https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-p2xp-xx3r-mffc
https://github.com/pyinstaller/pyinstaller/commit/f5adf291c8b832d5aff7632844f7e3ddf7ad4923
https://access.redhat.com/security/cve/cve-2025-59042
Patch
https://pyinstaller.org/en/stable/