SUSE: Security Advisory (SUSE-SU-2023:4987-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : python-pip (SUSE-SU-2023:4987-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4987-1 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could b...

SUSE-SU-2023:4988-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...

SUSE-SU-2023:4987-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3450)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3315)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3347)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: python-pip

Issue Overview: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how...

Amazon Linux 2 : python-pip (ALAS-2023-2349)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2349 advisory. When installing a package from a Mercurial VCS URL ie pip installhg+... with pip prior to v23.3, the specified Mercurial revision couldbe used to inject arbitrary configuration options to the hg clonecall...

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

Oracle Linux 8 : python-pip (ELSA-2023-7176)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7176 advisory. 9.0.3-23 - Use tarfile.datafilter for extracting CVE-2007-4559, PEP-721, PEP-706 Resolves: RHBZ2218241 Tenable has extracted the preceding description block...

python-pip security update

9.0.3-23 - Use tarfile.datafilter for extracting CVE-2007-4559, PEP-721, PEP-706 Resolves: RHBZ2218241...

Oracle Linux 9 : python-pip (ELSA-2023-6694)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6694 advisory. 21.2.3-7 - Use tarfile.datafilter for extracting CVE-2007-4559, PEP-721, PEP-706 Resolves: RHBZ2207997 Tenable has extracted the preceding description block...

Ubuntu: Security Advisory (USN-6473-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 8 : python-pip (CESA-2023:7176)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7176 advisory. - Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwri...

python-pip security update

21.2.3-7 - Use tarfile.datafilter for extracting CVE-2007-4559, PEP-721, PEP-706 Resolves: RHBZ2207997...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3151)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: python-pip security update

An update for python-pip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2021:4160)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4160 advisory. - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the...

CVE-2023-5722

Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox 119...