
7 matches found

IBM Security Bulletins
added 2026/06/05 8:14 a.m., 6 views

Security Bulletin: IBM watsonx.ai on Cloud Pak for Data is vulnerable to python-Python-3.12.0b4 (Publicly disclosed vulnerability found by Mend) due to python pip package (CVE-2023-5752, PRISMA-2022-0168)

Summary: IBM watsonx.ai on Cloud Pak for Data internally uses CVE-2023-5752. Vulnerability Details: CVEID: CVE-2023-5752. DESCRIPTION: When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

CVSS 5.5 | AI score 6.5 | EPSS 0.00476
Exploits 0 | Affected Software 1
Amazon
added 2023/12/14 12:00 a.m., 5 views

Medium: python-pip

Issue Overview: When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how...

CVSS 5.5 | AI score 8.6 | EPSS 0.00476
Exploits 0
Amazon
added 2023/12/04 12:00 a.m., 4 views

Medium: python-pip

Issue Overview: When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how...

CVSS 5.5 | AI score 6.8 | EPSS 0.00476
Exploits 0
OSV
added 2023/10/25 6:17 p.m., 8 views

AZL-39958 CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 3.3 | AI score 6.7 | EPSS 0.00476
Exploits 0 | References 1
PyPA
added 2023/10/25 6:17 p.m., 4 views

PYSEC-2023-228

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 5.5 | AI score 7.5 | EPSS 0.00476
Exploits 0 | References 3 | Affected Software 1
SUSE CVE
added 2023/02/15 3:43 a.m., 0 views

SUSE CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

CVSS 8.8 | AI score 9.2 | EPSS 0.04849
Exploits 1 | References 4
BDU FSTEC
added 2021/10/27 12:00 a.m., 2 views

The vulnerability in the HgDriver component of the PHP Composer dependency manager is related to the handling of arguments, allowing attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability in the HgDriver component of the PHP Composer dependency manager is related to improper sanitization of Mercurial repository URLs. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures through the...

CVSS 8.8 | AI score 7.9 | EPSS 0.04849
Exploits 1 | References 12 | Affected Software 4