Skip to main content

Safety-relevant information:

Impact of the CVE-2023-31543 vulnerability on our products
I. Vulnerability summary
November 30, 2023

CVE-2023-31543: A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code by uploading a tampered PyPI package to the chosen repository server. This vulnerability affects cases where pipreqs v0.3.0 to v0.4.11 is used.

CWE - CWE-427: Uncontrolled Search Path Element (4.12) (
II. Impact on our products
TA Triumph-Adler products are not affected by this vulnerability.