Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
Package | Installed | Affected | Info |
---|---|---|---|
pip | 20.2.3 | <21.1 |
show A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. |
pip | 20.2.3 | <21.1 |
show Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues. |
pip | 20.2.3 | <23.3 |
show Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. https://github.com/pypa/pip/pull/12306 |
https://pyup.io/repos/github/bradlindblad/schrutepy/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/bradlindblad/schrutepy/python-3-shield.svg)](https://pyup.io/repos/github/bradlindblad/schrutepy/)
.. image:: https://pyup.io/repos/github/bradlindblad/schrutepy/python-3-shield.svg :target: https://pyup.io/repos/github/bradlindblad/schrutepy/ :alt: Python 3
<a href="https://pyup.io/repos/github/bradlindblad/schrutepy/"><img src="https://pyup.io/repos/github/bradlindblad/schrutepy/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/bradlindblad/schrutepy/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/bradlindblad/schrutepy/
{<img src="https://pyup.io/repos/github/bradlindblad/schrutepy/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/bradlindblad/schrutepy/]
https://pyup.io/repos/github/bradlindblad/schrutepy/shield.svg
[![Updates](https://pyup.io/repos/github/bradlindblad/schrutepy/shield.svg)](https://pyup.io/repos/github/bradlindblad/schrutepy/)
.. image:: https://pyup.io/repos/github/bradlindblad/schrutepy/shield.svg :target: https://pyup.io/repos/github/bradlindblad/schrutepy/ :alt: Updates
<a href="https://pyup.io/repos/github/bradlindblad/schrutepy/"><img src="https://pyup.io/repos/github/bradlindblad/schrutepy/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/bradlindblad/schrutepy/shield.svg(Updates)!:https://pyup.io/repos/github/bradlindblad/schrutepy/
{<img src="https://pyup.io/repos/github/bradlindblad/schrutepy/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/bradlindblad/schrutepy/]