Lucene search
+L

137 matches found

openvas
openvas
added 2024/05/07 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2024:0892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6AI score0.00476EPSS
Exploits0References4
nessus
nessus
added 2024/04/21 12:0 a.m.36 views

Fedora 39 : python-pip (2024-b72bc39c00)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b72bc39c00 advisory. Security fix for CVE-2023-5752 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.5CVSS6.6AI score0.00476EPSS
Exploits0References2
osv
osv
added 2024/03/14 1:25 p.m.5 views

SUSE-SU-2024:0892-1 Security update for python36-pip

This update for python36-pip fixes the following issues: - CVE-2023-5752: Fixed possible injection of arbitrary configuration through Mercurial parameter. bsc1217353...

5.5CVSS6.1AI score0.00476EPSS
Exploits0References3
ibm
ibm
added 2024/03/08 4:54 p.m.40 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)

Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...

5.5CVSS4.6AI score0.00476EPSS
Exploits0Affected Software1
openvas
openvas
added 2024/03/04 12:0 a.m.29 views

openSUSE: Security Advisory for python (SUSE-SU-2023:4988-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.4AI score0.00476EPSS
Exploits0References2
f5
f5
added 2024/02/15 4:39 p.m.52 views

K000138628: python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752

Security Advisory Description CVE-2021-3572 A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...

5.7CVSS7.1AI score0.01687EPSS
Exploits2
circl
circl
added 2024/01/08 6:45 p.m.4 views

CVE-2023-5752

creationtimestamp| type| source ---|---|--- 2024-01-08 18:45:57+00:00| seen| https://t.me/arpsyndicate/2667...

5.5CVSS6.1AI score0.00476EPSS
Exploits0References1
nessus
nessus
added 2023/12/29 12:0 a.m.30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pip (SUSE-SU-2023:4988-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4988-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenab...

5.5CVSS6.9AI score0.00476EPSS
Exploits0References4
openvas
openvas
added 2023/12/29 12:0 a.m.34 views

SUSE: Security Advisory (SUSE-SU-2023:4987-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6AI score0.00476EPSS
Exploits0References4
osv
osv
added 2023/12/28 3:6 p.m.7 views

SUSE-SU-2023:4988-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...

5.5CVSS6.1AI score0.00476EPSS
Exploits0References3
osv
osv
added 2023/12/28 3:6 p.m.9 views

SUSE-SU-2023:4987-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...

5.5CVSS6.1AI score0.00476EPSS
Exploits0References3
nessus
nessus
added 2023/12/15 12:0 a.m.93 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2023-442)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-442 advisory. When installing a package from a Mercurial VCS URL ie pip installhg+... with pip prior to v23.3, the specified Mercurial revision couldbe used to inject arbitrary configuration options to the hg cloneca...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References4
amazon
amazon
added 2023/12/14 12:0 a.m.5 views

Medium: python-pip

Issue Overview: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how...

5.5CVSS8.6AI score0.00476EPSS
Exploits0
amazon
amazon
added 2023/12/04 12:0 a.m.4 views

Medium: python-pip

Issue Overview: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how...

5.5CVSS6.8AI score0.00476EPSS
Exploits0
nessus
nessus
added 2023/12/04 12:0 a.m.44 views

Amazon Linux 2 : python-pip (ALAS-2023-2349)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2349 advisory. When installing a package from a Mercurial VCS URL ie pip installhg+... with pip prior to v23.3, the specified Mercurial revision couldbe used to inject arbitrary configuration options to the hg clonecall...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References4
redhatcve
redhatcve
added 2023/11/21 4:19 a.m.51 views

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

3.3CVSS3.8AI score0.00476EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2023/10/25 6:32 p.m.7 views

aadetools (>=0.0.3 <=0.0.5), adversarial-insight-ml (=0.1.0) +311 more potentially affected by CVE-2023-5752 via pip (>=10.0.0b2 <=23.2.1)

pip PYPI version =10.0.0b2, =0.0.3, =2.0.0, =0.1.2, =0.0.1, =1.8.15, =1.8.17, =0.1.0, =0.2.3, =1.8.14, =2022.7.7, =2.0.3, =1.2.0, =1.3.0 - ak-sw-benchmarker =0.0.9 and more Source cves: CVE-2023-5752 Source advisory: OSV:GHSA-MQ26-G339-26XF...

5.5CVSS6.7AI score0.00476EPSS
Exploits0
osv
osv
added 2023/10/25 6:17 p.m.6 views

AZL-60006 CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

3.3CVSS6.7AI score0.00476EPSS
Exploits0References1
wolfi
wolfi
added 2023/10/25 6:17 p.m.40 views

CVE-2023-5752 vulnerabilities

Vulnerabilities for packages: jwt-tool...

5.5CVSS7.1AI score0.00476EPSS
Exploits0
cgr
cgr
added 2023/10/25 6:17 p.m.36 views

CVE-2023-5752 vulnerabilities

Vulnerabilities for packages: jwt-tool, k8s-sidecar...

5.5CVSS6.7AI score0.00476EPSS
Exploits0
Rows per page
Query Builder