pip
cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*
A vulnerability in Python's pip package manager allows console_scripts and gui_scripts to be treated as paths rather than filenames. This issue arises because pip does not properly sanitize the resolved absolute path to the installation directory. As a result, entry points can be installed outside the intended installation directory.
Exploitation of this vulnerability can lead to entry points being installed in unintended locations, potentially causing conflicts or unexpected behavior when executing scripts.
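The check below is an added example, not pip's own code or its fix: it audits the `console_scripts` and `gui_scripts` sections of a package's `entry_points.txt` and reports script names that are paths rather than plain filenames, noting whether the resolved path leaves the scripts directory. The sample metadata, the `mypkg` names and the `/opt/venv/bin` directory are constructed for illustration.

```python
import configparser
import os

SCRIPT_GROUPS = ("console_scripts", "gui_scripts")

# Constructed sample entry_points.txt (not taken from any real package).
SAMPLE = """\
[console_scripts]
mytool = mypkg.cli:main
../../outside/tool = mypkg.cli:main
/tmp/abs-script = mypkg.cli:main

[gui_scripts]
sub/dir/gui = mypkg.gui:main
"""


def audit_entry_points(text, scripts_dir):
    """Return (group, name, verdict) for every script name that is not a plain filename."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # entry point names are case-sensitive
    parser.read_string(text)

    base = os.path.realpath(scripts_dir)
    findings = []
    for group in SCRIPT_GROUPS:
        if not parser.has_section(group):
            continue
        for name in parser.options(group):
            # A safe script name has no separators and is not a dot entry.
            if "/" not in name and "\\" not in name and name not in (".", ".."):
                continue
            # Resolve the name the way a naive installer would join it.
            target = os.path.realpath(os.path.join(base, name))
            inside = os.path.commonpath([base, target]) == base
            findings.append((group, name, "nested" if inside else "escapes"))
    return findings


if __name__ == "__main__":
    for group, name, verdict in audit_entry_points(SAMPLE, "/opt/venv/bin"):
        print(f"{group}: {name!r} -> {verdict}")
```

Run it against the `entry_points.txt` inside a wheel's `.dist-info` directory before installation; any finding means the script name should be rejected rather than normalized.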