CVE-2025-61774
**Name of the Vulnerable Software and Affected Versions**
PyVista version 0.46.3
**Description**
PyVista, a library for 3D plotting and mesh analysis built on the Visualization Toolkit (VTK), is susceptible to remote code execution through a dependency confusion issue. The project's use of pip's `--extra-index-url` option to install a package that is not published on PyPI creates the weakness: an attacker could publish a package of the same name with a higher version number on PyPI, and pip would select it, potentially leading to the execution of attacker-controlled code and a supply chain attack. The `--extra-index-url` option tells pip to consult the external index in addition to the PyPI index, not instead of it.
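The following is an added illustration, not code from PyVista, VTK or the advisory. It models pip's candidate selection when `--extra-index-url` is in use, and places the two controls a defender would reach for beside it: a pinned version with a `--require-hashes`-style artifact check, and an audit that flags private package names that also exist on the public index. The package names, versions and wheel contents are constructed for the example and are not real.

```python
import hashlib
from typing import Dict, Tuple

# Constructed sample indexes (hypothetical names and contents, nothing real).
# Each index maps package name -> version -> bytes standing in for the wheel.
Index = Dict[str, Dict[str, bytes]]

PRIVATE_INDEX: Index = {
    "internal-mesh-tools": {"1.3.0": b"constructed private wheel 1.3.0"},
}
PUBLIC_INDEX: Index = {
    # The private name registered on the public index with a very high version.
    "internal-mesh-tools": {"99.0.0": b"constructed attacker wheel 99.0.0"},
    "numpy": {"2.1.0": b"constructed numpy wheel 2.1.0"},
}
# Order mirrors `--index-url <private> --extra-index-url <public>`.
INDEXES: Dict[str, Index] = {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}


def parse_version(version: str) -> Tuple[int, ...]:
    """Minimal numeric version parser, sufficient for the dotted versions used here."""
    return tuple(int(part) for part in version.split("."))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def resolve_highest(name: str, indexes: Dict[str, Index]) -> Tuple[str, str]:
    """Model of pip with --index-url plus --extra-index-url: candidates from every
    index are pooled and the highest version wins, whichever index it came from.
    Returns (chosen version, index label)."""
    candidates = [
        (parse_version(version), version, label)
        for label, index in indexes.items()
        for version in index.get(name, {})
    ]
    if not candidates:
        raise LookupError(f"{name}: no candidates in any index")
    _, version, label = max(candidates)
    return version, label


def resolve_pinned(name: str, pinned: str, expected_sha256: str,
                   indexes: Dict[str, Index]) -> Tuple[str, str]:
    """Hardened resolution modelled on `name==pinned --hash=sha256:<digest>` with
    --require-hashes: only the exact pinned version is considered, and the
    candidate is rejected unless its artifact hash matches the recorded one."""
    for label, index in indexes.items():
        data = index.get(name, {}).get(pinned)
        if data is None:
            continue
        if sha256_hex(data) != expected_sha256:
            raise ValueError(f"{name}=={pinned} from {label}: hash mismatch")
        return pinned, label
    raise LookupError(f"{name}=={pinned}: not found in any index")


def find_shadowed(private: Index, public: Index) -> Dict[str, str]:
    """Audit check: every private package name that also exists on the public
    index is a dependency-confusion candidate. Returns name -> highest public version."""
    return {
        name: max(public[name], key=parse_version)
        for name in private
        if name in public
    }


if __name__ == "__main__":
    print("extra-index-url resolution:",
          resolve_highest("internal-mesh-tools", INDEXES))
    digest = sha256_hex(PRIVATE_INDEX["internal-mesh-tools"]["1.3.0"])
    print("pinned + hash resolution:",
          resolve_pinned("internal-mesh-tools", "1.3.0", digest, INDEXES))
    print("shadowed private names:", find_shadowed(PRIVATE_INDEX, PUBLIC_INDEX))
```

`resolve_highest` picks the public 99.0.0 artifact for the private name, which is the behaviour the advisory describes; `resolve_pinned` only ever accepts the recorded version and digest, so a higher public version is never a candidate; and `find_shadowed` is the cheap periodic check that tells you whether a private name has appeared on the public index at all.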
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.