-
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Latest data: Tue Oct 31 08:03:41 UTC 2023
- Loading branch information
github.actions
committed
Oct 31, 2023
1 parent
9a3e0c6
commit 7a9108d
Showing
24 changed files
with
2,129 additions
and
654 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,230 @@ | ||
| [ | ||
| { | ||
| "package": { | ||
| "name": "pip", | ||
| "version": "22.3.1", | ||
| "ecosystem": "PyPI", | ||
| "commit": "" | ||
| }, | ||
| "vulnerabilities": [ | ||
| { | ||
| "modified": "2023-10-30T15:15:56Z", | ||
| "published": "2023-10-25T18:32:26Z", | ||
| "schema_version": "1.6.0", | ||
| "id": "GHSA-mq26-g339-26xf", | ||
| "aliases": [ | ||
| "CVE-2023-5752" | ||
| ], | ||
| "summary": "Command Injection in pip when used with Mercurial", | ||
| "details": "When installing a package from a Mercurial VCS URL, e.g. `pip install hg+...`, with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the `hg clone` call (e.g. `--config`). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.\n", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "ecosystem": "PyPI", | ||
| "name": "pip", | ||
| "purl": "pkg:pypi/pip" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "23.3" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "versions": [ | ||
| "0.2", | ||
| "0.2.1", | ||
| "0.3", | ||
| "0.3.1", | ||
| "0.4", | ||
| "0.5", | ||
| "0.5.1", | ||
| "0.6", | ||
| "0.6.1", | ||
| "0.6.2", | ||
| "0.6.3", | ||
| "0.7", | ||
| "0.7.1", | ||
| "0.7.2", | ||
| "0.8", | ||
| "0.8.1", | ||
| "0.8.2", | ||
| "0.8.3", | ||
| "1.0", | ||
| "1.0.1", | ||
| "1.0.2", | ||
| "1.1", | ||
| "1.2", | ||
| "1.2.1", | ||
| "1.3", | ||
| "1.3.1", | ||
| "1.4", | ||
| "1.4.1", | ||
| "1.5", | ||
| "1.5.1", | ||
| "1.5.2", | ||
| "1.5.3", | ||
| "1.5.4", | ||
| "1.5.5", | ||
| "1.5.6", | ||
| "10.0.0", | ||
| "10.0.0b1", | ||
| "10.0.0b2", | ||
| "10.0.1", | ||
| "18.0", | ||
| "18.1", | ||
| "19.0", | ||
| "19.0.1", | ||
| "19.0.2", | ||
| "19.0.3", | ||
| "19.1", | ||
| "19.1.1", | ||
| "19.2", | ||
| "19.2.1", | ||
| "19.2.2", | ||
| "19.2.3", | ||
| "19.3", | ||
| "19.3.1", | ||
| "20.0", | ||
| "20.0.1", | ||
| "20.0.2", | ||
| "20.1", | ||
| "20.1.1", | ||
| "20.1b1", | ||
| "20.2", | ||
| "20.2.1", | ||
| "20.2.2", | ||
| "20.2.3", | ||
| "20.2.4", | ||
| "20.2b1", | ||
| "20.3", | ||
| "20.3.1", | ||
| "20.3.2", | ||
| "20.3.3", | ||
| "20.3.4", | ||
| "20.3b1", | ||
| "21.0", | ||
| "21.0.1", | ||
| "21.1", | ||
| "21.1.1", | ||
| "21.1.2", | ||
| "21.1.3", | ||
| "21.2", | ||
| "21.2.1", | ||
| "21.2.2", | ||
| "21.2.3", | ||
| "21.2.4", | ||
| "21.3", | ||
| "21.3.1", | ||
| "22.0", | ||
| "22.0.1", | ||
| "22.0.2", | ||
| "22.0.3", | ||
| "22.0.4", | ||
| "22.1", | ||
| "22.1.1", | ||
| "22.1.2", | ||
| "22.1b1", | ||
| "22.2", | ||
| "22.2.1", | ||
| "22.2.2", | ||
| "22.3", | ||
| "22.3.1", | ||
| "23.0", | ||
| "23.0.1", | ||
| "23.1", | ||
| "23.1.1", | ||
| "23.1.2", | ||
| "23.2", | ||
| "23.2.1", | ||
| "6.0", | ||
| "6.0.1", | ||
| "6.0.2", | ||
| "6.0.3", | ||
| "6.0.4", | ||
| "6.0.5", | ||
| "6.0.6", | ||
| "6.0.7", | ||
| "6.0.8", | ||
| "6.1.0", | ||
| "6.1.1", | ||
| "7.0.0", | ||
| "7.0.1", | ||
| "7.0.2", | ||
| "7.0.3", | ||
| "7.1.0", | ||
| "7.1.1", | ||
| "7.1.2", | ||
| "8.0.0", | ||
| "8.0.1", | ||
| "8.0.2", | ||
| "8.0.3", | ||
| "8.1.0", | ||
| "8.1.1", | ||
| "8.1.2", | ||
| "9.0.0", | ||
| "9.0.1", | ||
| "9.0.2", | ||
| "9.0.3" | ||
| ], | ||
| "database_specific": { | ||
| "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-mq26-g339-26xf/GHSA-mq26-g339-26xf.json" | ||
| } | ||
| } | ||
| ], | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/pypa/pip/pull/12306" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4" | ||
| }, | ||
| { | ||
| "type": "PACKAGE", | ||
| "url": "https://github.com/pypa/pip" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://mail.python.org/archives/list/[email protected]/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-77" | ||
| ], | ||
| "github_reviewed": true, | ||
| "github_reviewed_at": "2023-10-30T15:00:34Z", | ||
| "nvd_published_at": null, | ||
| "severity": "MODERATE" | ||
| } | ||
| } | ||
| ], | ||
| "groups": [ | ||
| { | ||
| "ids": [ | ||
| "GHSA-mq26-g339-26xf" | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "urllib3", | ||
|
|
||
Oops, something went wrong.