Synopsis:
python-click security updateSummary:
An update for python-click is now available for openEuler-22.03-LTS-SP4Description:
Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box.
Security Fix(es):
Pallets Click, versions 8.3.2 and below, contains a command injection vulnerability in the click.edit() function. The vulnerability allows attackers to inject arbitrary OS commands through unsanitized filename parameters in the click.edit() function. Attackers can exploit this vulnerability to execute malicious commands from an unprivileged account, potentially leading to complete system compromise.(CVE-2026-7246)Topic:
An update for python-click is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
python-click
8.0.4-2.oe2203sp48.0.4-2.oe2203sp48.0.4-2.oe2203sp4Exploitability
AV:LAC:HPR:HUI:RScope
S:CImpact
C:HI:HA:H7.2/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H