{"url":"http://public2.vulnerablecode.io/api/packages/34268?format=json","purl":"pkg:pypi/pipreqs@0.3.3","type":"pypi","namespace":"","name":"pipreqs","version":"0.3.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.4.12","latest_non_vulnerable_version":"0.4.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36469?format=json","vulnerability_id":"VCID-pwqn-gvnb-fka5","summary":"A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.","references":[{"reference_url":"https://gist.github.com/adeadfed/ccc834440af354a5638f889bee34bafe","reference_id":"","reference_type":"","scores":[],"url":"https://gist.github.com/adeadfed/ccc834440af354a5638f889bee34bafe"},{"reference_url":"https://github.com/bndr/pipreqs","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bndr/pipreqs"},{"reference_url":"https://github.com/bndr/pipreqs/blob/master/pipreqs/pipreqs.py#L447-L449","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bndr/pipreqs/blob/master/pipreqs/pipreqs.py#L447-L449"},{"reference_url":"https://github.com/bndr/pipreqs/commit/3f5964fcb90ec6eb6df46d78e651a1b73538d0ba","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bndr/pipreqs/commit/3f5964fcb90ec6eb6df46d78e651a1b73538d0ba"},{"reference_url":"https://github.com/bndr/pipreqs/pull/364","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bndr/pipreqs/pull/364"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pipreqs/PYSEC-2023-99.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pipreqs/PYSEC-2023-99.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31543","reference_id":"CVE-2023-31543","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31543"},{"reference_url":"https://github.com/advisories/GHSA-v4f4-23wc-99mh","reference_id":"GHSA-v4f4-23wc-99mh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v4f4-23wc-99mh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34287?format=json","purl":"pkg:pypi/pipreqs@0.4.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pipreqs@0.4.12"}],"aliases":["CVE-2023-31543","GHSA-v4f4-23wc-99mh","PYSEC-2023-99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwqn-gvnb-fka5"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pipreqs@0.3.3"}