Lucene search
+L

4 matches found

ibm
ibm
added 2026/06/16 6:26 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

7.5CVSS6.3AI score0.00864EPSS
Exploits3Affected Software1
ibm
ibm
added 2025/10/27 1:43 p.m.4 views

Security Bulletin: Pip Vulnerability Prior to v23.3 Allows Arbitrary Mercurial Configuration Injection via VCS URLs, which affects IBM watsonx.data

Summary When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and whi...

5.5CVSS6.5AI score0.00476EPSS
Exploits0Affected Software1
redhat
redhat
added 2024/06/10 6:41 p.m.5 views

pip: Mercurial configuration injectable in repo revision when installing via pip

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

5.5CVSS7.2AI score0.00476EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2023/10/24 12:0 a.m.3 views

PT-2023-7006

Name of the Vulnerable Software and Affected Versions pip versions prior to v23.3 Description The issue is related to the injection of arbitrary configuration options to the "hg clone" call when installing a package from a Mercurial VCS URL using pip. This can modify how and which repository is...

6.8CVSS6.9AI score0.00476EPSS
Exploits0References62
Rows per page
Query Builder