Debian Pipenv vulnerabilities

CVE-2022-21668 [HIGH] CVE-2022-21668: pipenv - pipenv is a Python development workflow tool. Starting with version 2018.10.9 an... pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies