2 matches found
EUVD-2024-38344
Malicious code in bioql PyPI...
UBUNTU-CVE-2023-5752
When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...