5 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-21668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files...
Fedora 37 : pipenv (2022-8a01f4e871)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8a01f4e871 advisory. Automatic update for pipenv-2021.5.29-7.fc37. Changelog Thu Feb 24 2022 Tomas Orsava - 2021.5.29-7 - Fix for CVE-2022-21668 Resolves: rhbz2039830 Tenable has...
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
UBUNTU-CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
CVE-2022-21668
CVE-2022-21668 affects pipenv versions prior to 2022.1.8, where a flaw in parsing requirements.txt can let an attacker embed a malicious string in a comment that causes installation to fetch from a hostile package index. If the index URL (or a hijacked proxy) is used, the attacker can deliver pac...