{"vulnerability": "CVE-2023-5752", "sightings": [{"uuid": "1e4e4f1a-a4c6-4a86-8e00-99df90970db7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5752", "type": "seen", "source": "https://t.me/arpsyndicate/2667", "content": "#ExploitObserverAlert\n\nCVE-2023-5752\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-5752. When installing a package from a Mercurial VCS URL  (ie \"pip install  hg+...\") with pip prior to v23.3, the specified Mercurial revision could  be used to inject arbitrary configuration options to the \"hg clone\"  call (ie \"--config\"). Controlling the Mercurial configuration can modify  how and which repository is installed. This vulnerability does not  affect users who aren't installing from Mercurial.\n\nFIRST-EPSS: 0.000430000\nNVD-IS: 1.4\nNVD-ES: 1.8", "creation_timestamp": "2024-01-08T18:45:57.000000Z"}]}