pip@20.3.4 vulnerabilities
The PyPA recommended tool for installing Python packages.
-
latest version
24.0
-
latest non vulnerable version
-
first published
16 years ago
-
latest version published
3 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the pip package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Arbitrary Command Injection when installing a package from a Mercurial VCS URL. An attacker can inject arbitrary configuration options to the How to fix Arbitrary Command Injection? Upgrade |
[,23.3)
|
Affected versions of this package are vulnerable to Improper Input Validation. Splitting on unicode separators in git references could be maliciously used to install a different revision on the repository. How to fix Improper Input Validation? Upgrade |
[,21.1)
|