CVE-2023-5752

Published: 25/10/2023 Updated: 21/04/2024
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Description

A flaw was found in the Python pip package. pip could allow a local, authenticated malicious user to bypass security restrictions because of a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker could exploit this vulnerability to inject arbitrary configuration options into the "hg clone" call and so modify how and which repository is installed.
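The description above boils down to an argument-injection pattern: a revision string taken from the install URL reaches the `hg` command line, and a revision that begins with `-` can be read as an option such as `--config`. The following Python is an added example written for this page (it is not Vulmon's, Red Hat's or pip's own code) showing the two checks a defender can run before a build: flag any `hg+` requirement whose pinned revision is option-shaped, and flag a pip version older than 23.3, the fixed release named in the vendor advisory. The requirement strings, hostnames and the benign `--config=ui.verbose=true` value are constructed for illustration.

```python
"""Added example: audit Mercurial VCS requirements and the pip version for the
CVE-2023-5752 pattern (option-shaped revision reaching 'hg clone').
All URLs, package names and sample lines below are constructed for illustration."""
import re
from urllib.parse import urlsplit

# The vendor advisory states that pip prior to 23.3 is affected.
FIXED_PIP_VERSION = (23, 3)


def parse_hg_requirement(req: str):
    """Split an 'hg+<url>[@<rev>][#fragment]' requirement into (url, rev).

    rev is None when no revision is pinned.  Only the URL path is searched for
    '@', so a userinfo '@' in the netloc is not mistaken for a revision pin.
    """
    if not req.startswith("hg+"):
        raise ValueError(f"not a Mercurial VCS requirement: {req!r}")
    body = req[len("hg+"):].split("#", 1)[0]  # drop '#egg=' / '#subdirectory=' fragment
    parts = urlsplit(body)
    path, sep, rev = parts.path.rpartition("@")
    if not sep:
        return body, None
    return parts._replace(path=path).geturl(), rev


def is_option_shaped(rev: str) -> bool:
    """A revision starting with '-' can be parsed by 'hg' as a command option."""
    return rev.startswith("-")


def pip_is_affected(version: str) -> bool:
    """True when a dotted pip version string is older than the fixed release.

    Leading digits of each component are compared; pre-release suffixes such
    as 'rc1' are ignored.
    """
    nums = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple(nums) < FIXED_PIP_VERSION


def audit_requirements(lines, pip_version: str):
    """Return one finding dict per problem in a requirements listing."""
    findings = []
    if pip_is_affected(pip_version):
        findings.append({"kind": "pip-version",
                         "detail": f"pip {pip_version} is older than 23.3"})
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line.startswith("hg+"):
            continue  # only Mercurial URLs carry this particular injection surface
        url, rev = parse_hg_requirement(line)
        if rev is not None and is_option_shaped(rev):
            findings.append({"kind": "option-shaped-revision",
                             "line": n, "url": url, "rev": rev})
    return findings


# Constructed sample requirements file: one clean pin, one option-shaped
# revision (benign config value), one unpinned Mercurial URL.
SAMPLE_REQUIREMENTS = [
    "requests==2.31.0",
    "hg+https://hg.example.test/libfoo@v1.2.0#egg=libfoo",
    "hg+https://hg.example.test/libbar@--config=ui.verbose=true#egg=libbar",
    "hg+https://hg.example.test/libbaz",
]

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS, "23.2.1"):
        print(finding)
```

Run against a real requirements file, the audit reports the line number, repository URL and offending revision so the pin can be reviewed before `pip install` ever spawns `hg`; upgrading pip to 23.3 or later removes the underlying defect, and the revision check remains useful as a belt-and-braces control in CI.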

Vulnerable Product

pypa pip

Vendor Advisories

When installing a package from a Mercurial VCS URL (i.e. "pip install hg+") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not ...

Description

A flaw was found in the Python pip package. pip could allow a local authenticated attacker to bypass security restrictions, due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker could exploit this vulnerability to inject arbitrary configuration options to the "hg ...

Github Repositories

Set up a docker-compose file with the following services: postgres and server. Set up persistent storage, the network environment and healthchecks. For server, set up a Dockerfile with the required (lightweight) Python version and the required

Environment preparation. Set up a docker-compose file with the following services: postgres and server. Set up persistent storage, the network environment and healthchecks. For server, set up a Dockerfile with the required (lightweight) Python version

Operating a Zammad Instance in the Google Cloud. Abstract: simple and straightforward setup and operation using this guide; updates via swapping the Docker image; lowest possible operating costs; Spot instance (Spot VMs may be terminated at any time); default network; standard storage; time-controlled operation possible; operating in Central America (Iowa); Zammad instance on a VM.

Set up a docker-compose file with the following services: the redis DB and task. Set up persistent storage, the network environment and healthchecks. For task, set up a Dockerfile with the required (lightweight) Python version and the required

The application consists of 3 containers: Flask (WSGI - gunicorn), Nginx (proxy), Redis (persistent DB). 1. Result of the work. 2. Trivy scan. Scanning the Flask container image found vulnerability CVE-2023-5752. The vulnerability is related