137 matches found
SUSE: Security Advisory (SUSE-SU-2024:0892-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : python-pip (2024-b72bc39c00)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b72bc39c00 advisory. Security fix for CVE-2023-5752 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SUSE-SU-2024:0892-1 Security update for python36-pip
This update for python36-pip fixes the following issues: - CVE-2023-5752: Fixed possible injection of arbitrary configuration through Mercurial parameter. bsc1217353...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)
Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...
openSUSE: Security Advisory for python (SUSE-SU-2023:4988-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K000138628: python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752
Security Advisory Description CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
CVE-2023-5752
creationtimestamp| type| source ---|---|--- 2024-01-08 18:45:57+00:00| seen| https://t.me/arpsyndicate/2667...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pip (SUSE-SU-2023:4988-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4988-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenab...
SUSE: Security Advisory (SUSE-SU-2023:4987-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:4988-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...
SUSE-SU-2023:4987-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2023-442)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-442 advisory. When installing a package from a Mercurial VCS URL ie pip installhg+... with pip prior to v23.3, the specified Mercurial revision couldbe used to inject arbitrary configuration options to the hg cloneca...
Medium: python-pip
Issue Overview: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how...
Medium: python-pip
Issue Overview: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how...
Amazon Linux 2 : python-pip (ALAS-2023-2349)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2349 advisory. When installing a package from a Mercurial VCS URL ie pip installhg+... with pip prior to v23.3, the specified Mercurial revision couldbe used to inject arbitrary configuration options to the hg clonecall...
CVE-2023-5752
A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...
aadetools (>=0.0.3 <=0.0.5), adversarial-insight-ml (=0.1.0) +311 more potentially affected by CVE-2023-5752 via pip (>=10.0.0b2 <=23.2.1)
pip PYPI version =10.0.0b2, =0.0.3, =2.0.0, =0.1.2, =0.0.1, =1.8.15, =1.8.17, =0.1.0, =0.2.3, =1.8.14, =2022.7.7, =2.0.3, =1.2.0, =1.3.0 - ak-sw-benchmarker =0.0.9 and more Source cves: CVE-2023-5752 Source advisory: OSV:GHSA-MQ26-G339-26XF...
AZL-60006 CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14
When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...
CVE-2023-5752 vulnerabilities
Vulnerabilities for packages: jwt-tool...
CVE-2023-5752 vulnerabilities
Vulnerabilities for packages: jwt-tool, k8s-sidecar...