CVE-2023-31543
Published
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.
pipreqs - Generate pip requirements.txt file based on imports of any project. Looking for maintainers to move this project forward.
GitHub