pip@21.2 vulnerabilities

The PyPA recommended tool for installing Python packages.

Direct Vulnerabilities

Known vulnerabilities in the pip package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary Command Injection
Severity: M
Vulnerable versions: [,23.3)

Affected versions of this package are vulnerable to Arbitrary Command Injection when installing a package from a Mercurial VCS URL. An attacker can inject arbitrary configuration options into the hg clone call via the --config option, which can modify how and which repository is installed. This is only exploitable when installing from Mercurial VCS URLs.

How to fix Arbitrary Command Injection?

Upgrade pip to version 23.3 or higher.