Skip to main content

Uncontrolled Search Path Element


Severity High
Score 9.8/10


A dependency confusion in pipreqs v0.3.0 through v0.4.12 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.

  • LOW
  • HIGH
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-427 - Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Advisory Timeline

  • Published