CVE-2022-21668HIGHCVSS 8.6≥ 2018.10.9, < 2022.1.8·v>= 2018.10.9, < 2022.1.82022-01-10
CVE-2022-21668 [HIGH] CWE-20 CVE-2022-21668: pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to downlo
ghsanvdosv