Rhoai Odh-Ml-Pipelines-Runtime-Generic-Rhel9 vulnerabilities
6 known vulnerabilities affecting rhoai/odh-ml-pipelines-runtime-generic-rhel9.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2026-8643 HIGH CVSS 8.0 2026-05-27
CVE-2026-8643 [HIGH] CWE-22 python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use dir
redhat
CVE-2026-44432 HIGH CVSS 8.9 2026-05-13
CVE-2026-44432 [HIGH] CWE-409 urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if onl
redhat
CVE-2026-44431 HIGH CVSS 8.2 2026-05-13
CVE-2026-44431 [HIGH] CWE-201 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to ga
redhat
CVE-2026-6357 MEDIUM CVSS 5.3 2026-04-27
CVE-2026-6357 [MEDIUM] CWE-94 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation
A flaw was found in pip. Prior to version 26.1, pip's self-update check functionality would execute after installing wheel packages. This process involved importing newly installed Python modules. A malicious actor could craft a specially designed wheel package tha
redhat
CVE-2026-41988 LOW CVSS 3.2 2026-04-23
CVE-2026-41988 [LOW] CWE-787 uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions
A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected.
Pack
redhat
CVE-2026-3219 MEDIUM CVSS 4.6 2026-04-20
CVE-2026-3219 [MEDIUM] CWE-1287 pip: pip: Incorrect file installation due to improper archive handling
A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect' files. This could allow an a
redhat