CVE-2023-5752 Overview
CVE-2023-5752 is a command injection vulnerability in pip, the Python package installer, that affects versions prior to v23.3. When installing a package from a Mercurial VCS URL (e.g., pip install hg+...), the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call via the --config parameter. By controlling the Mercurial configuration, an attacker can modify how and which repository is installed, potentially leading to supply chain attacks or installation of malicious code.
Critical Impact
Attackers can inject arbitrary Mercurial configuration options during package installation, potentially redirecting repository sources or modifying installation behavior to introduce malicious code into development environments.
Affected Products
- pypa pip (versions prior to v23.3)
Discovery Timeline
- 2023-10-25 - CVE-2023-5752 published to NVD
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2023-5752
Vulnerability Analysis
This vulnerability is classified as CWE-77 (Command Injection), where user-controllable input is passed to a system command without proper sanitization. The flaw exists in pip's handling of Mercurial VCS URLs during package installation. When a user specifies a Mercurial repository URL with a revision parameter, pip constructs a command-line call to hg clone without adequately validating or escaping the revision string. This allows specially crafted revision parameters to break out of their intended context and inject additional --config options into the Mercurial command execution.
The vulnerability requires local access, as an attacker would need to convince a user to install a package from a malicious Mercurial URL or craft a requirements.txt file containing the malicious URL. While the impact is limited to integrity modifications (no direct confidentiality or availability impact), the potential for supply chain compromise makes this vulnerability noteworthy for development environments.
Root Cause
The root cause lies in insufficient input validation of the revision parameter in Mercurial VCS URLs. When pip processes URLs in the format hg+https://example.com/repo@revision, the revision portion is passed directly to the hg clone command without proper sanitization. This allows injection of Mercurial configuration options through crafted revision strings containing --config directives, enabling attackers to override default Mercurial behavior during the clone operation.
Attack Vector
The attack requires local access and low privileges to execute. An attacker can craft a malicious Mercurial VCS URL that includes injected configuration options in the revision field. When a victim executes pip install with this URL—either directly via command line or through a poisoned requirements.txt file—the injected configuration options are passed to the underlying hg clone command.
The malicious URL format would embed configuration options after the revision specifier. By injecting Mercurial configuration options, an attacker could potentially redirect the repository source, modify hook scripts that execute during clone operations, or alter other critical Mercurial behaviors. This represents a supply chain attack vector where developers could unknowingly install compromised packages.
Detection Methods for CVE-2023-5752
Indicators of Compromise
- Presence of Mercurial VCS URLs in requirements.txt or pip install commands containing unusual characters or --config strings in the revision field
- Unexpected hg clone command executions with non-standard configuration parameters in process logs
- Package installations from Mercurial sources that result in different content than expected from the specified repository
Detection Strategies
- Monitor pip installation logs for VCS URLs containing suspicious revision parameters with embedded command options
- Implement static analysis of requirements.txt files in CI/CD pipelines to detect potentially malicious Mercurial URLs
- Use SentinelOne Singularity to detect anomalous command-line arguments passed to hg processes during pip operations
Monitoring Recommendations
- Enable verbose logging for pip operations in development and build environments to capture full command execution details
- Implement network monitoring to detect connections to unexpected Mercurial repositories during package installation
- Configure security tools to alert on pip processes spawning hg clone commands with --config arguments
How to Mitigate CVE-2023-5752
Immediate Actions Required
- Upgrade pip to version 23.3 or later using pip install --upgrade pip
- Audit existing requirements.txt files and pip install scripts for Mercurial VCS URLs
- Avoid installing packages directly from Mercurial VCS URLs from untrusted sources until systems are patched
Patch Information
The vulnerability has been addressed in pip version 23.3 and later. The fix is documented in GitHub Pull Request #12306, which implements proper sanitization of revision parameters to prevent configuration injection. The Python Security Announcement provides official notification details. Distribution-specific patches are available through Fedora and Debian LTS security advisories.
Workarounds
- If upgrading is not immediately possible, avoid using Mercurial VCS URLs for package installation entirely
- Use only packages from PyPI or other trusted package indexes rather than VCS sources
- Implement strict code review processes for any requirements.txt changes that introduce VCS URLs
# Upgrade pip to the patched version
pip install --upgrade pip>=23.3
# Verify pip version after upgrade
pip --version
# Alternative: Use pipx for isolated pip upgrades
pipx upgrade pip
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
