mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
695 B
695 B
CVE-2023-31543
Description
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.
POC
Reference
- https://gist.github.com/adeadfed/ccc834440af354a5638f889bee34bafe
- https://github.com/bndr/pipreqs/pull/364
Github
No PoCs found on GitHub currently.