CVE-2023-5752

LOW Year: 2023
CVSS v3 Score
3.3
Low
Weakness Type
CWE-77
View all →

Vulnerability Description

When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

Related Vulnerabilities

CVE-2024-34713

LOW
CVSS:3.5(Low)

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using `ssh...

CWE-772024

CVE-2024-54681

LOW
CVSS:3.5(Low)

Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the trans...

CWE-772024

CVE-2021-38372

LOW
CVSS:3.7(Low)

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.

CWE-772021

CVE-2024-8402

LOW
CVSS:3.7(Low)

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input val...

CWE-772024

CVE-2024-9773

LOW
CVSS:3.7(Low)

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input v...

CWE-772024

CVE-2024-32314

LOW
CVSS:3.8(Low)

Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

CWE-772024