MEDIUM 5.7 PyPI
Improper Input Validation in pip
GHSA-5xp3-jfq3-5q8x · CVE-2021-3572 · PYSEC-2021-437
Published · Modified
Description
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-3572
- WEB https://github.com/pypa/pip/pull/9827
- WEB https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
- WEB https://access.redhat.com/errata/RHSA-2021:3254
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1962856
- ADVISORY https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2021-437.yaml
- PACKAGE https://github.com/pypa/pip
- WEB https://packetstormsecurity.com/files/162712/USN-4961-1.txt
- WEB https://security.netapp.com/advisory/ntap-20240621-0006
- WEB https://www.oracle.com/security-alerts/cpuapr2022.html
- WEB https://www.oracle.com/security-alerts/cpujul2022.html
Ready to move
Start Securing
Free, no credit card | First findings in minutes