CVE-2021-3572
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
CVE-2023-5752
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which reposit...
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.