Gouldnicholas

**Name of the Vulnerable Software and Affected Versions** pyp2spec versions prior to 0.14.1 **Description** pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like `rpmbuild -bs`, `rpmbuild --nobuild`, or `rpm -q --specfile`, these directives are evaluated, allowing a malicious package to execute arbitrary commands on the build machine. This execution occurs during spec parsing, meaning a full build is not required for compromise. Potential attack vectors include typosquatting or targeting packages under Fedora review, which could lead to the compromise of sensitive credentials such as dist-git SSH keys, Koji build credentials, and Bodhi update credentials. **Recommendations** Update to version 0.14.1.

**Name of the Vulnerable Software and Affected Versions** Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 **Description** An authentication bypass exists in the StripPrefixRegex middleware when used with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches a regular expression against the decoded URL path but applies the resulting byte length to slice the percent-encoded raw path. If a dot or multiple dots are present in the prefix portion of the URL, the raw path after stripping becomes a dot-segment (e.g., `/./admin/secret`). ForwardAuth receives this dot-segment path in the `X-Forwarded-Uri` variable, which fails to match protected path patterns, allowing the request to pass. The backend then normalizes the dot-segment to the actual path according to RFC 3986 and serves the protected content. This can be exploited by an unauthenticated attacker against any backend that performs dot-segment normalization. **Recommendations** Update to version 2.11.43. Update to version 3.6.14. Update to version 3.7.0-rc.2.