5 matches found
CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
Design/Logic Flaw
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-45805
CVE-2023-45805 affects the Python tool PDM (dependency manager). A crafted pawns-style lockfile in which a project like foo is targeted with foo-2 and a file foo-2-2.tar.gz can mislead PyPI and PDM into installing a different project than what appears in pyproject.toml, potentially allowing arbit...
CVE-2023-45805 Trojan Lockfilein pdm
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...