Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-21668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files...

9.3CVSS7.9AI score0.03897EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.6 views

Fedora 37 : pipenv (2022-8a01f4e871)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8a01f4e871 advisory. Automatic update for pipenv-2021.5.29-7.fc37. Changelog Thu Feb 24 2022 Tomas Orsava - 2021.5.29-7 - Fix for CVE-2022-21668 Resolves: rhbz2039830 Tenable has...

9.3CVSS7.9AI score0.03897EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/10 9:15 p.m.9 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.9AI score0.03897EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2022/01/10 9:15 p.m.3 views

UBUNTU-CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

8.6CVSS6.5AI score0.03897EPSS
Exploits1References5
CVE
CVE
added 2022/01/10 8:20 p.m.143 views

CVE-2022-21668

CVE-2022-21668 affects pipenv versions prior to 2022.1.8, where a flaw in parsing requirements.txt can let an attacker embed a malicious string in a comment that causes installation to fetch from a hostile package index. If the index URL (or a hijacked proxy) is used, the attacker can deliver pac...

9.3CVSS8.2AI score0.03897EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder