49 matches found
ROOT-APP-PYPI-CVE-2023-5752 CVE-2023-5752 in rootio-pip - Patched by Root
Root has patched CVE-2023-5752 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...
OESA-2026-2542 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d}) Name: python-pip Version: 20.2.2 Release: 4 Summary: A...
OESA-2026-2541 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d}) Name: python-pip Version: 20.2.2 Release: 4 Summary: A...
Security Bulletin: Pip Vulnerability Prior to v23.3 Allows Arbitrary Mercurial Configuration Injection via VCS URLs, which affects IBM watsonx.data
Summary When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and whi...
NewStart CGSL MAIN 7.02 : python-pip Vulnerability (NS-SA-2025-0142)
The remote NewStart CGSL host, running version MAIN 7.02, has python-pip packages installed that are affected by a vulnerability: - When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...
Azure Linux 3.0 Security Update: python3 (CVE-2023-5752)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the...
CBL Mariner 2.0 Security Update: python3 (CVE-2023-5752)
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the...
CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14
CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...
Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152
Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1
Summary Pip is used by the DataStage on Cloud Pak for Data px-runtime microservice as part of package installation. Vulnerability Details CVEID: CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial...
Linux Distros Unpatched Vulnerability : CVE-2023-5752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject...
Mageia: Security Advisory (MGASA-2025-0055)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
MGASA-2025-0055 Updated python-pip packages fix security vulnerability
Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...
Updated python-pip packages fix security vulnerability
Mercurial configuration injectable in repo revision when installing via pip. CVE-2023-5752...
GLSA-202501-03 : pip: arbitrary configuration injection
The remote host is affected by the vulnerability described in GLSA-202501-03 pip: arbitrary configuration injection Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
Fedora 41 : pypy (2024-305522ab38)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-305522ab38 advisory. Automatic update for pypy-7.3.15-3.fc41. Changelog Tue Apr 30 2024 Charalampos Stratakis - 7.3.15-3 - Security fix for CVE-2023-5752 for the bundled pip whee...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312-pip (SUSE-SU-2024:3156-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3156-1 advisory. - CVE-2023-5752: Avoiding injection of arbitrary configuration through Mercurial parameter. (bsc#1217353)...
openSUSE Security Advisory (SUSE-SU-2024:3156-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1
CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1. An upgraded version of the package is available that resolves this issue...