Django REST framework
Api Root
Package List
Package Instance
Format
json
api
admin
Package Instance
Lookup for vulnerable packages by Package URL.
Purl
pkg:pypi/pipreqs@0.3.3
Type
pypi
Namespace
Name
pipreqs
Version
0.3.3
Qualifiers
Subpath
Is_vulnerable
true
Next_non_vulnerable_version
0.4.12
Latest_non_vulnerable_version
0.4.12
Affected_by_vulnerabilities
0
url
VCID-pwqn-gvnb-fka5
vulnerability_id
VCID-pwqn-gvnb-fka5
summary
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.
references
0
reference_url
https://gist.github.com/adeadfed/ccc834440af354a5638f889bee34bafe
reference_id
reference_type
scores
url
https://gist.github.com/adeadfed/ccc834440af354a5638f889bee34bafe
1
reference_url
https://github.com/bndr/pipreqs
reference_id
reference_type
scores
url
https://github.com/bndr/pipreqs
2
reference_url
https://github.com/bndr/pipreqs/blob/master/pipreqs/pipreqs.py#L447-L449
reference_id
reference_type
scores
url
https://github.com/bndr/pipreqs/blob/master/pipreqs/pipreqs.py#L447-L449
3
reference_url
https://github.com/bndr/pipreqs/commit/3f5964fcb90ec6eb6df46d78e651a1b73538d0ba
reference_id
reference_type
scores
url
https://github.com/bndr/pipreqs/commit/3f5964fcb90ec6eb6df46d78e651a1b73538d0ba
4
reference_url
https://github.com/bndr/pipreqs/pull/364
reference_id
reference_type
scores
url
https://github.com/bndr/pipreqs/pull/364
5
reference_url
https://github.com/pypa/advisory-database/tree/main/vulns/pipreqs/PYSEC-2023-99.yaml
reference_id
reference_type
scores
url
https://github.com/pypa/advisory-database/tree/main/vulns/pipreqs/PYSEC-2023-99.yaml
6
reference_url
https://nvd.nist.gov/vuln/detail/CVE-2023-31543
reference_id
CVE-2023-31543
reference_type
scores
url
https://nvd.nist.gov/vuln/detail/CVE-2023-31543
7
reference_url
https://github.com/advisories/GHSA-v4f4-23wc-99mh
reference_id
GHSA-v4f4-23wc-99mh
reference_type
scores
url
https://github.com/advisories/GHSA-v4f4-23wc-99mh
fixed_packages
0
url
pkg:pypi/pipreqs@0.4.12
purl
pkg:pypi/pipreqs@0.4.12
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/pipreqs@0.4.12
aliases
CVE-2023-31543, GHSA-v4f4-23wc-99mh, PYSEC-2023-99
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-pwqn-gvnb-fka5
Fixing_vulnerabilities
Risk_score
null
Resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/pipreqs@0.3.3
×
Create
None
×
Edit
None