Skip to main content

Pipreqs

1 CVEs product

Monthly

CVE-2023-31543 PyPI CRITICAL POC PATCH Act Now

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pipreqs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pipreqs
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy