CVE-2021-3572

Improper Input Validation in pypi/pip

Identifiers

CVE-2021-3572

Package Slug

pypi/pip

Vulnerability

Improper Input Validation

Description

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.

Affected Versions

Version 21.1

Solution

Upgrade to version 21.1.1 or above.

Last Modified

2021-11-18

source