Click

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-13	CVE-2015-8768	Permissions, Privileges, and Access Controls vulnerability in multiple products click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. network low complexity click-project canonical CWE-264	7.5