Vulnerabilities > Pypa > PIP > 19.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-5752 | Command Injection vulnerability in Pypa PIP. When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). | 3.3 |
2021-11-10 | CVE-2021-3572 | A flaw was found in python-pip in the way it handled Unicode separators in git references. | 5.7 |