Skip to main content

Vulnerability pipreqs

Safety-relevant information:

Impact of the CVE-2023-31543 vulnerability on our products

I. Vulnerability summary

Publication:
November 30, 2023

Description:
CVE-2023-31543: A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code by uploading a tampered PyPI package to the chosen repository server. This vulnerability affects cases where pipreqs v0.3.0 to v0.4.11 is used.

CWE - CWE-427: Uncontrolled Search Path Element (4.12) (mitre.org)

II. Impact on our products

TA Triumph-Adler products are not affected by this vulnerability.