23 matches found
EUVD-2022-0202
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-21668
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files...
Fedora 37 : pipenv (2022-8a01f4e871)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8a01f4e871 advisory. Automatic update for pipenv-2021.5.29-7.fc37. Changelog Thu Feb 24 2022 Tomas Orsava - 2021.5.29-7 - Fix for CVE-2022-21668 Resolves: rhbz2039830 Tenable has...
Fedora: Security Advisory for pipenv (FEDORA-2022-0d007466b3)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for pipenv (FEDORA-2022-77ce20f03a)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for pipenv (FEDORA-2022-508e460384)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-QC9X-GJCV-465W Pipenv's requirements.txt parsing allows malicious index url in comments
Issue Summary: Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...
Remote Code Execution (RCE)
pipenv is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of requirements files allowing an attacker to inject a maliciously crafted string inside a comment in a requirements.txt file...
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
Design/Logic Flaw
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
PYSEC-2022-6
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
PYSEC-2022-6
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
UBUNTU-CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
CVE-2022-21668 Pipenv's requirements.txt parsing allows malicious index url in comments
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
CVE-2022-21668
CVE-2022-21668 affects pipenv versions prior to 2022.1.8, where a flaw in parsing requirements.txt can let an attacker embed a malicious string in a comment that causes installation to fetch from a hostile package index. If the index URL (or a hijacked proxy) is used, the attacker can deliver pac...
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
CVE-2022-21668 Pipenv's requirements.txt parsing allows malicious index url in comments
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...
Pipenv Command Injection Vulnerability
Pipenv is a tool designed to bring the best of all packaging worlds (packager, composer, npm, cargo, yarn, etc.) to the Python world. pipenv suffers from a command injection vulnerability that stems from allowing an attacker to insert specially crafted strings into comments anywhere in a...