VYPR

rpm package

suse/python36-pip&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/python36-pip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (2)

  • CVE-2023-5752MedOct 25, 2023
    affected < 20.2.4-8.15.1fixed 20.2.4-8.15.1

    When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can m

  • CVE-2021-3572MedNov 10, 2021
    affected < 20.2.4-8.9.1fixed 20.2.4-8.9.1

    A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip

VYPR — Vulnerability Intelligence