Check Packages for Installed Malicious Packages
Build: #72 failed
Job: Check For Known Vulnerabilities ManyLinux228 Python 3.10 failed
V 22 3 1: Test case result
The below summarizes the result of the test "V 22 3 1" in build 72 of CASA - Cmake Package Audit - Check For Known Vulnerabilities ManyLinux228 Python 3.10.
- Description: V 22 3 1
- Test class: pip
- Method: v_22_3_1
- Duration: < 1 sec
- Status: Failed (New Failure)
Error Log
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial.