Showing 1 - 1 of 1

CVE-2023-5752

Status Candidate

Overview

When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

Related Files

Red Hat Security Advisory 2024-3781-03: Posted Jun 11, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-3781-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, buffer overflow, code execution, cross site scripting, denial of service, memory exhaustion, null pointer, and password leak vulnerabilities.; tags | advisory, web, denial of service, overflow, vulnerability, code execution, xss; systems | linux, redhat; advisories | CVE-2023-5752; SHA-256 | 97582fd49f5e2d746ce75f2c7f0477643a47ef5538d5de3b9d00c3c7df43d95b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 256 files
indoushka 106 files
Ubuntu 86 files
Gentoo 32 files
Debian 21 files
LiquidWorm 19 files
Google Security Research 8 files
malvuln 5 files
Emiliano Febbi 4 files
Seth Jenkins 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,145)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,636)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,102)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,938)
UNIX (9,470)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-5752

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems