6.16.0
12 years ago
5 days ago
Known vulnerabilities in the pyinstaller package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
pyinstaller is a package that bundles a Python application and all its dependencies into a single package. Affected versions of this package are vulnerable to Arbitrary Code Injection in the Notes: This is only exploitable if the filesystem supports creation of files/directories that contain '?' in their name (i.e., non-Windows systems) and the attacker is able to determine the offset at which the PYZ archive is embedded in the executable. How to fix Arbitrary Code Injection? Upgrade | [,6.0.0) |
pyinstaller is a package that bundles a Python application and all its dependencies into a single package. Affected versions of this package are vulnerable to Race Condition when processes are spawned concurrently from multiple threads. This issue particularly affects the "spawn" method of multiprocessing, which is not thread-safe on Linux. Note: This only affects Linux users. How to fix Race Condition? Upgrade | [,5.8.0) |
pyinstaller is a package that bundles a Python application and all its dependencies into a single package. Affected versions of this package are vulnerable to Execution with Unnecessary Privileges. When the How to fix Execution with Unnecessary Privileges? Upgrade | [,5.13.1) |