CVE-2023-5752 in pip
Summary
by MITRE • 10/25/2023
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.
Analysis
by VulDB Data Team • 11/03/2025
This vulnerability exists in pip versions prior to 23.3 and specifically affects the installation of packages from Mercurial version control system URLs. The flaw is reachable when a user runs a pip install command with the hg+ protocol prefix, which instructs pip to clone the repository from a Mercurial source. It stems from insufficient validation of the Mercurial revision identifier during installation: when a revision is specified in the URL, pip does not check or neutralize the value before passing it to the underlying hg clone command, so a revision that begins with a dash can be parsed by Mercurial as an option rather than as a revision, creating an injection vector for configuration options.
The technical exploitation of this vulnerability involves manipulating the Mercurial revision parameter to inject additional command-line arguments that are passed directly to the hg clone command. Attackers can leverage this by crafting malicious revision identifiers that contain configuration options such as --config, which allows them to modify how the Mercurial client operates. This configuration injection can potentially redirect the repository cloning process, alter authentication mechanisms, or modify network behavior to point to malicious repositories instead of the intended source. The vulnerability is particularly concerning because it operates at the installation layer, meaning it can affect any package installation from Mercurial sources without requiring additional user interaction beyond the initial pip install command.
The operational impact of this vulnerability extends beyond simple argument injection, as it can lead to supply chain compromise and unauthorized code execution. An attacker who controls a Mercurial repository, or who can influence the repository URL and revision a user installs, can redirect the package installation to a malicious repository, potentially leading to the installation of backdoors, malware, or other harmful components. This is a significant risk in environments where pip installs packages from untrusted sources or where developers pull from many repositories. The vulnerability does not affect users who never install from Mercurial sources, but it affects every user who installs via the hg+ protocol. It aligns with CWE-74 (improper neutralization of special elements in data passed to a downstream command) and can be categorized under ATT&CK technique T1133 (External Remote Services) and T1068 (Exploitation for Privilege Escalation) through command injection.
Organizations and developers should upgrade to pip version 23.3 or later without delay, as the fix addresses the root cause by validating and correctly passing Mercurial revision identifiers to the hg command line. Additional mitigations include restricting pip installation from untrusted sources, enforcing repository access controls, and monitoring package installation logs for VCS requirements whose revision component looks like a command-line option. Security teams should also consider network-level controls that prevent connections to unauthorized Mercurial repositories, and secure development practices that minimize reliance on external VCS sources. The vulnerability demonstrates the importance of validating all user-provided inputs in package management systems, particularly inputs that are forwarded to underlying system commands, which may run with elevated privileges.
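To make the mechanism described in the analysis concrete, the following is an added Python example (not pip's own code): it parses an hg+ requirement, shows how a revision beginning with "--" lands in the hg argv as an option under a naive command builder, and applies the validate-then-bind guard that the mitigation paragraph calls for. The argv shapes are simplified models rather than pip's actual command lines, and the URL and revision values are constructed.

```python
"""Added example, not pip's own code: parse a Mercurial VCS requirement,
validate its revision, and build an hg argv where the revision can never be
read as an option. The argv shapes are simplified illustrations."""
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# Legitimate revisions (changeset hashes, tags, bookmarks, branch names) never
# start with "-"; a value that does would be consumed by hg's option parser.
_SAFE_REV = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/+-]*$")


def parse_hg_requirement(req: str) -> Tuple[str, str]:
    """Split 'hg+<url>[@<rev>][#egg=...]' into (clone_url, rev); rev is ''
    when the requirement carries no revision."""
    if not req.startswith("hg+"):
        raise ValueError("not a Mercurial VCS requirement")
    parts = urlsplit(req[len("hg+"):])
    path, sep, rev = parts.path.rpartition("@")
    if not sep:                      # no '@' in the path: no revision given
        path, rev = parts.path, ""
    return parts._replace(path=path, fragment="").geturl(), rev


def is_safe_revision(rev: str) -> bool:
    """True only for revisions that cannot be mistaken for an hg option."""
    return bool(_SAFE_REV.match(rev))


def naive_update_argv(rev: str) -> List[str]:
    """Pre-fix shape: the revision is a bare positional argument, so a value
    such as '--config=...' appears in argv exactly as an option would."""
    return ["hg", "update", "-q", rev]


def hardened_update_argv(rev: str) -> List[str]:
    """Reject option-like or malformed revisions first, then bind the value to
    the --rev option so that whatever remains is treated as data by hg."""
    if not is_safe_revision(rev):
        raise ValueError(f"unsafe Mercurial revision: {rev!r}")
    return ["hg", "update", "-q", f"--rev={rev}"]


if __name__ == "__main__":
    # Constructed requirement: a revision that is really an option string.
    url, rev = parse_hg_requirement(
        "hg+https://example.invalid/repo@--config=section.key=value#egg=pkg")
    print(url, naive_update_argv(rev), is_safe_revision(rev))
```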