Lucene search
K

18 matches found

OSV
OSV
added 2026/06/05 3:48 p.m.10 views

OESA-2026-2541 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2CVSS6.6AI score0.00527EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in python-pip

When installing a package from a Mercurial VCS URL e.g., “pip install hg+…” using pip before version 23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the “hg clone” call e.g., “--config”. Controlling the Mercurial configuration allows modifying t...

5.5CVSS6.8AI score0.00476EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0200

Malicious code in bioql PyPI...

5.5CVSS6.1AI score0.00476EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/07/19 12:0 a.m.3 views

CBL Mariner 2.0 Security Update: python3 (CVE-2023-5752)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/07 3:14 p.m.41 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker to traverse directories on the system, caused by a flaw when installing package via a...

8.8CVSS10AI score0.03028EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/10 12:0 a.m.27 views

Fedora 38 : pypy (2024-797928fed3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-797928fed3 advisory. Security fix for CVE-2023-5752 in the bundled pip. Tenable has extracted the preceding description block directly from the Fedora security advisory...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/10 12:0 a.m.18 views

Fedora 39 : pypy (2024-dada06a500)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dada06a500 advisory. Security fix for CVE-2023-5752 in the bundled pip. Tenable has extracted the preceding description block directly from the Fedora security advisory...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/09 12:0 a.m.41 views

Fedora 40 : pypy (2024-612986fdfa)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-612986fdfa advisory. Security fix for CVE-2023-5752 in the bundled pip. Tenable has extracted the preceding description block directly from the Fedora security advisory...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/16 12:0 a.m.24 views

SUSE SLES12 Security Update : python36-pip (SUSE-SU-2024:0892-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0892-1 advisory. - CVE-2023-5752: Fixed possible injection of arbitrary configuration through Mercurial parameter. bsc1217353 Tenable has extracted the...

5.5CVSS6.9AI score0.00476EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/08 4:54 p.m.40 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)

Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...

5.5CVSS4.6AI score0.00476EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 10:40 p.m.22 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python Packaging Authority pip

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python Packaging Authority pip. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority pip could allow a local authenticated attacker to bypass security restrictions, caus...

5.5CVSS4.7AI score0.00476EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/29 12:0 a.m.30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pip (SUSE-SU-2023:4988-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4988-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenab...

5.5CVSS6.9AI score0.00476EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/12/29 12:0 a.m.46 views

SUSE SLES12 Security Update : python-pip (SUSE-SU-2023:4987-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4987-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenable has extracted the preceding...

5.5CVSS6.9AI score0.00476EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/11/21 4:19 a.m.51 views

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

3.3CVSS3.8AI score0.00476EPSS
Exploits0References5
Prion
Prion
added 2023/10/25 6:17 p.m.31 views

Design/Logic Flaw

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

1.7CVSS4.1AI score0.00476EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/25 6:17 p.m.95 views

PYSEC-2023-228

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

3.3CVSS7AI score0.00476EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/10/25 12:0 a.m.45 views

CVE-2023-5752

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

5.5CVSS6.8AI score0.00476EPSS
Exploits0References4
OSV
OSV
added 2023/10/24 8:56 p.m.38 views

CVE-2023-5752 Mercurial configuration injectable in repo revision when installing via pip

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

5.5CVSS7.2AI score0.00476EPSS
Exploits0References12
Rows per page
Query Builder