CVE-2021-3572
published 2021-11-10CVE-2021-3572: A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a…
medium5.7CVSS 3.1
AVNACLPRLUIRSUCNIHAN
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-pip | < python-pip 20.3.4-2 (bookworm) | python-pip 20.3.4-2 (bookworm) |
| msrc | cbl2_python-virtualenv_20.26.6-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_python-pip_19.2-2_on_cbl_mariner_1.0 | — | — |
| oracle | agile_plm | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| paloalto | pan-os | — | — |
| pypa | pip | < 21.1 | 21.1 |
| pypa | pip | >= 0 < 21.1 | 21.1 |
CVSS provenance
nvdv3.15.7MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
osv5.7MEDIUM