pipenv@2021.11.5 vulnerabilities
Python Development Workflow for Humans.
- latest version: 2023.12.1
- latest non vulnerable version:
- first published: 7 years ago
- latest version published: 3 months ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the pipenv package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
pipenv is a Python Development Workflow for Humans. Affected versions of this package are vulnerable to Arbitrary Command Injection. Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a According to the requirements file format specification, any lines which begin with a However, due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a Note: The primary hurdle to successful exploitation of this vulnerability depends on an attacker's ability to surreptitiously insert a specially crafted string into a How to fix Arbitrary Command Injection? Upgrade | [2018.10.9,2022.1.8) |