Description

A flaw was found in the Python pip package. pip could allow a local authenticated malicious user to bypass security restrictions, due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker could exploit this vulnerability to inject arbitrary configuration options into the "hg clone" call to modify how and which repository is installed.
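The following is an added example, not pip's code and not part of the original entry: a constructed builder for the `hg clone` argument list, showing a naive form beside a hardened one that guards against the option injection described above. The function names, the `example.invalid` URL, the `@rev` URL layout and the placeholder option value are assumptions made for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit, urlunsplit

# Flags this example passes on purpose; other option-like tokens are unintended.
EXPECTED_FLAGS = {"-q", "-r"}

def split_hg_requirement(requirement: str) -> tuple[str, str | None]:
    """Split 'hg+<scheme>://host/path[@rev]' into (repo_url, rev)."""
    if not requirement.startswith("hg+"):
        raise ValueError("not a Mercurial VCS URL")
    parts = urlsplit(requirement[len("hg+"):])
    if parts.scheme not in {"https", "ssh"} or not parts.netloc:
        raise ValueError("unsupported or malformed repository URL")
    path, sep, rev = parts.path.rpartition("@")
    if not sep:  # no '@rev' suffix on the path
        path, rev = parts.path, ""
    repo = urlunsplit((parts.scheme, parts.netloc, path, parts.query, ""))
    return repo, (rev or None)

def naive_clone_argv(requirement: str, dest: str) -> list[str]:
    """Constructed 'before' form: URL-derived revision passed as its own token."""
    repo, rev = split_hg_requirement(requirement)
    rev_args = ["-r", rev] if rev else []
    return ["hg", "clone", "-q", *rev_args, repo, dest]

def hardened_clone_argv(requirement: str, dest: str) -> list[str]:
    """Reject option-like values, then bind the revision to --rev in one token."""
    repo, rev = split_hg_requirement(requirement)
    for name, value in (("revision", rev or ""), ("destination", dest)):
        if value.startswith("-"):
            raise ValueError(f"{name} must not start with '-': {value!r}")
    rev_args = [f"--rev={rev}"] if rev else []
    return ["hg", "clone", "-q", *rev_args, repo, dest]

def unexpected_options(argv: list[str]) -> list[str]:
    """Tokens after 'hg clone' that look like options the caller never intended."""
    return [tok for tok in argv[2:]
            if tok.startswith("-") and tok not in EXPECTED_FLAGS
            and not tok.startswith("--rev=")]

# Constructed input: the revision part of the URL is shaped like an option.
CONSTRUCTED = "hg+https://example.invalid/repo@--config=ui.placeholder=constructed"
BENIGN = "hg+https://example.invalid/repo@stable"

if __name__ == "__main__":
    print(unexpected_options(naive_clone_argv(CONSTRUCTED, "checkout")))
    print(hardened_clone_argv(BENIGN, "checkout"))
```

`unexpected_options` can also be run over argument lists recorded in process-creation logs to flag `hg` invocations that carry options the installer never passes itself.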
Vulnerable Product |
---|
pypa pip |