Homepage

uv@0.11.4

An extremely fast Python package and project manager, written in Rust.

  • latest version

    0.11.7

  • latest non vulnerable version

    0.11.7

  • first published

    2 years ago

  • latest version published

    3 days ago

  • licenses detected

  • View uv package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the uv package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Directory Traversal

    uv is an An extremely fast Python package and project manager, written in Rust.

    Affected versions of this package are vulnerable to Directory Traversal through the uninstall process when handling RECORD entries containing relative paths that traverse outside the intended installation prefix. An attacker can cause arbitrary file deletion by crafting a malicious or malformed wheel with manipulated RECORD entries and convincing a user to install and then uninstall it.

    How to fix Directory Traversal?

    Upgrade uv to version 0.11.6 or higher.

    [,0.11.6)
    Go back to all versions of this package