Lucene search
+L

23 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-0202

Malicious code in bioql PyPI...

9.3CVSS8.5AI score0.03897EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-21668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files...

9.3CVSS7.5AI score0.03897EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.8 views

Fedora 37 : pipenv (2022-8a01f4e871)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8a01f4e871 advisory. Automatic update for pipenv-2021.5.29-7.fc37. Changelog Thu Feb 24 2022 Tomas Orsava - 2021.5.29-7 - Fix for CVE-2022-21668 Resolves: rhbz2039830 Tenable has...

9.3CVSS7.9AI score0.03897EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/03/27 12:0 a.m.19 views

Fedora: Security Advisory for pipenv (FEDORA-2022-0d007466b3)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.6AI score0.03897EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/03/23 12:0 a.m.13 views

Fedora: Security Advisory for pipenv (FEDORA-2022-508e460384)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.7AI score0.03897EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/03/23 12:0 a.m.19 views

Fedora: Security Advisory for pipenv (FEDORA-2022-77ce20f03a)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.7AI score0.03897EPSS
Exploits1References2
OSV
OSV
added 2022/01/12 10:29 p.m.24 views

GHSA-QC9X-GJCV-465W Pipenv's requirements.txt parsing allows malicious index url in comments

Issue Summary Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...

8.8CVSS8.7AI score0.03897EPSS
Exploits1References9
Veracode
Veracode
added 2022/01/11 9:5 a.m.25 views

Remote Code Execution (RCE)

pipenv is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of requirements files allowing an attacker to inject a maliciously crafted string inside a comment in a requirements.txt file...

8.6CVSS4.5AI score0.03897EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2022/01/10 9:15 p.m.26 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS0.03897EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2022/01/10 9:15 p.m.9 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.9AI score0.03897EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2022/01/10 9:15 p.m.6 views

PYSEC-2022-6

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.8AI score0.03897EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/01/10 9:15 p.m.182 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.8AI score0.03897EPSS
Exploits1References4
Prion
Prion
added 2022/01/10 9:15 p.m.25 views

Design/Logic Flaw

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS8.6AI score0.03897EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2022/01/10 9:15 p.m.4 views

UBUNTU-CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

8.6CVSS6.5AI score0.03897EPSS
Exploits1References5
OSV
OSV
added 2022/01/10 9:15 p.m.34 views

PYSEC-2022-6

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS4.7AI score0.03897EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/01/10 8:20 p.m.42 views

CVE-2022-21668 Pipenv's requirements.txt parsing allows malicious index url in comments

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

8CVSS8.8AI score0.03897EPSS
Exploits1References6
CVE
CVE
added 2022/01/10 8:20 p.m.147 views

CVE-2022-21668

CVE-2022-21668 affects pipenv versions prior to 2022.1.8, where a flaw in parsing requirements.txt can let an attacker embed a malicious string in a comment that causes installation to fetch from a hostile package index. If the index URL (or a hijacked proxy) is used, the attacker can deliver pac...

9.3CVSS8.2AI score0.03897EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/01/10 8:20 p.m.21 views

CVE-2022-21668 Pipenv's requirements.txt parsing allows malicious index url in comments

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

8CVSS8.7AI score0.03897EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2022/01/10 8:20 p.m.71 views

CVE-2022-21668

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS8.7AI score0.03897EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/01/10 12:0 a.m.7 views

PT-2022-15021

Name of the Vulnerable Software and Affected Versions pipenv versions 2018.10.9 through 2022.1.8 Description A flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file. This will cause victims w...

9.3CVSS8AI score0.03897EPSS
Exploits1References24
Rows per page
Query Builder