Safety-relevant information:

Impact of the CVE-2023-31543 vulnerability on our products

I. Vulnerability summary

Publication:
November 30, 2023

Description:
CVE-2023-31543: A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code by uploading a tampered PyPI package to the chosen repository server. This vulnerability affects cases where pipreqs v0.3.0 to v0.4.11 is used.

CWE - CWE-427: Uncontrolled Search Path Element (4.12) (mitre.org)
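
A check for the affected range stated above, as an added example that is not part of the original advisory: it scans requirements-file text for pipreqs entries and flags exact pins from 0.3.0 to 0.4.11. The function names and the sample input are constructed for illustration.

```python
import re

# Affected range as stated in the advisory: pipreqs v0.3.0 to v0.4.11 (inclusive).
AFFECTED_MIN = (0, 3, 0)
AFFECTED_MAX = (0, 4, 11)

NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
# Exact pin only, e.g. "pipreqs==0.4.11" or "Pipreqs == 0.4.5".
PIN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\s*==\s*([0-9]+(?:\.[0-9]+)*)")

def parse_version(text):
    """Turn '0.4.11' into (0, 4, 11), padding short versions with zeros."""
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)

def is_affected(version_text):
    """True if the version lies inside the range named in the advisory."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def normalize(name):
    """Compare project names case-insensitively, treating '-', '_' and '.' alike."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (line_no, requirement, status) for every pipreqs entry.
    status is 'affected', 'not-affected', or 'unpinned' (needs manual review)."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        name = NAME_RE.match(line)
        if not name or normalize(name.group(0)) != "pipreqs":
            continue
        pin = PIN_RE.match(line)
        if pin is None:
            status = "unpinned"  # a range or bare name may resolve to an affected version
        else:
            status = "affected" if is_affected(pin.group(1)) else "not-affected"
        findings.append((line_no, line, status))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """flask==2.3.2
pipreqs==0.4.11   # dev tooling
Pipreqs == 0.2.9
pipreqs>=0.4
pipreqs==0.5.0
"""

if __name__ == "__main__":
    for line_no, req, status in scan_requirements(SAMPLE):
        print(f"line {line_no}: {req!r} -> {status}")
```

An `unpinned` result means the file does not fix the version, so the installed version has to be checked in the environment itself.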

II. Impact on our products

TA Triumph-Adler products are not affected by this vulnerability.