CNNVD-202509-3859 Information

CNNVD ID

CNNVD-202509-3859

CVE-2025-8869

  • CNNVD Published: 2025-09-24

Description (Chinese)

pip is an open-source Python package installer from the Python Packaging Authority. pip contains a security vulnerability that stems from not checking whether a symbolic link points inside the extraction directory, which may lead to a path traversal attack.

Description (English)

pip is the open-source Python package installer maintained by the Python Packaging Authority. pip contains a security vulnerability that stems from a failure to check whether a symbolic link points inside the extraction directory, which may lead to a path traversal attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Qdrant

Published

2025-09-24

Last Modified

2026-02-24

References

https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
https://github.com/pypa/pip/pull/13550
https://vigilance.fr/vulnerability/pip-file-creation-via-Fallback-Tar-Extraction-48306

Patch

https://pip.pypa.io/en/stable/