rpm package
suse/python36-pip&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/python36-pip&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5752 | Med | 5.5 | < 20.2.4-8.15.1 | 20.2.4-8.15.1 | Oct 25, 2023 | When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can m | |
| CVE-2021-3572 | Med | 5.7 | < 20.2.4-8.9.1 | 20.2.4-8.9.1 | Nov 10, 2021 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip |
- affected < 20.2.4-8.15.1fixed 20.2.4-8.15.1
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can m
- affected < 20.2.4-8.9.1fixed 20.2.4-8.9.1
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip