EUVD-2023-0200

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerability in pip allows injection of arbitrary config options from Mercurial VCS URLs before v23.3

Reporter	Title	Published	Views	Family All 116
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition	17 Dec 202509:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	7 Mar 202515:14	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS Product	15 Jul 202515:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities	15 Apr 202502:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152	25 Jun 202508:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.3	7 Oct 202516:08	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.	15 Sep 202507:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152	25 Jun 202507:57	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1	10 Mar 202515:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software	6 Apr 202611:24	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "4af7d934-3be2-3806-b12d-ddef9c1656b7",
        "vendor": {
          "name": "Pip maintainers"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "981e755e-5943-3fe8-98e3-e5f4b2d1e7bc",
        "product": {
          "name": "pip"
        },
        "product_version": "patch: 23.3"
      }
    ]
  }
]

Source	Link
mail	www.mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
github	www.github.com/pypa/pip/pull/12306
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-5752
github	www.github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4
github	www.github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ

03 Oct 2025 20:07Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.13.3 - 5.5

EPSS0.00075

SSVC