Headline
GHSA-v4f4-23wc-99mh: pipreqs vulnerable to Dependency Confusion
A dependency confusion vulnerability in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code by uploading a crafted PyPI package to the chosen repository server.
Moderate severity • GitHub Reviewed • Published Jun 30, 2023 to the GitHub Advisory Database • Updated Jun 30, 2023
Related news
CVE-2023-31543: Mitigation for dependency confusion in pipreqs by adeadfed · Pull Request #364 · bndr/pipreqs