Skip to main content

    Vulnerability pipreqs

    Safety-relevant information:

    Impact of the CVE-2023-31543 vulnerability on our products

    I. Vulnerability summary

    Publication:
    November 30, 2023

    Description:
    CVE-2023-31543: A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code by uploading a tampered PyPI package to the chosen repository server. This vulnerability affects cases where pipreqs v0.3.0 to v0.4.11 is used.

    CWE - CWE-427: Uncontrolled Search Path Element (4.12) (mitre.org)

    II. Impact on our products

    TA Triumph-Adler products are not affected by this vulnerability.