A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| pipreqs(PyPI) | 0.3.0 | 0.4.12 | N/A |
CVSS Metrics
