Build: #4 failed
Job: Check For Known Vulnerabilities ManyLinux2014 Python 3.8 failed
V 22 3 1: Test case result
The below summarizes the result of the test "V 22 3 1" in build 4 of CASA - Release Engineering Cmake Package Audit - Vulnerability - Check For Known Vulnerabilities ManyLinux2014 Python 3.8.
- Description
- V 22 3 1
- Test class
- pip
- Method
- v_22_3_1
- Duration
- < 1 sec
- Status
- Failed (Existing Failure)
Error Log
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial.