Lucene search
GoogleOSV:GHSA-5XP3-JFQ3-5Q8XHistoryNov 15, 2021 - 5:45 p.m.
Improper Input Validation in pip
2021-11-1517:45:01
Google
osv.dev
17
python-pip
input validation
remote attacker
data integrity
vulnerability
software security
EPSS
0.001
Percentile
28.0%
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
References
access.redhat.com/errata/RHSA-2021:3254
bugzilla.redhat.com/show_bug.cgi?id=1962856
github.com/pypa/pip
github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
github.com/pypa/pip/pull/9827
nvd.nist.gov/vuln/detail/CVE-2021-3572
packetstormsecurity.com/files/162712/USN-4961-1.txt
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
Related
nessus
nessus
EulerOS Virtualization 2.9.1 : python-pip (EulerOS-SA-2021-2761)
2021-11-17 00:00:00
SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2022:0942-1)
2022-03-25 00:00:00
EulerOS Virtualization 3.0.6.0 : python-pip (EulerOS-SA-2022-1091)
2022-02-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:4001-1)
2021-12-14 00:00:00
openSUSE: Security Advisory for python39-pip (openSUSE-SU-2022:0064-1)
2022-02-01 00:00:00
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2021-2796)
2021-11-17 00:00:00
suse
suse
Security update for python39-pip (moderate)
2022-01-12 00:00:00
Security update for python-pip (moderate)
2021-12-13 00:00:00
Security update for python3 (moderate)
2022-03-24 00:00:00
almalinux
almalinux
Low: python-pip security update
2021-11-09 09:24:55
Moderate: python39:3.9 and python39-devel:3.9 security update
2021-11-09 08:26:25
Moderate: python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
cve
cve
CVE-2021-3572
2021-11-10 18:15:09
oraclelinux
oraclelinux
python-pip security update
2021-11-16 00:00:00
python-pip security update
2023-05-23 00:00:00
python39:3.9 and python39-devel:3.9 security update
2021-11-16 00:00:00
veracode
veracode
Improper Input Validation
2021-11-11 04:14:11
ubuntucve
ubuntucve
CVE-2021-3572
2021-11-10 00:00:00
osv
osv
BIT-pip-2021-3572
2024-03-06 11:01:55
Low: python-pip security update
2021-11-09 09:24:55
CVE-2021-3572
2021-11-10 18:15:09
debiancve
debiancve
CVE-2021-3572
2021-11-10 18:15:09
nvd
nvd
CVE-2021-3572
2021-11-10 18:15:09
redhatcve
redhatcve
CVE-2021-3572
2021-06-01 00:42:50
prion
prion
Design/Logic Flaw
2021-11-10 18:15:00
github
github
Improper Input Validation in pip
2021-11-15 17:45:01
cbl_mariner
cbl_mariner
CVE-2021-3572 affecting package python-pip 19.2-1
2022-05-12 02:16:42
githubexploit
githubexploit
Exploit for Vulnerability in Pypa Pip
2021-06-07 08:36:47
Exploit for Improper Input Validation in Pypa Pip
2022-05-18 10:08:35
ubuntu
ubuntu
pip vulnerability
2022-05-19 00:00:00
cvelist
cvelist
CVE-2021-3572
2021-11-10 17:55:47
redhat
redhat
(RHSA-2021:4455) Low: python-pip security update
2021-11-09 09:24:55
redos
redos
ROS-20230619-05
2023-06-19 00:00:00
amazon
amazon
Medium: python-pip
2022-01-18 21:38:00
f5
f5
K000138628 : python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752
2024-02-15 00:00:00
ibm
ibm
mageia
mageia
Updated python-pip packages fix security vulnerabilities
2021-07-25 17:45:06
rocky
rocky
python39:3.9 and python39-devel:3.9 security update
2021-11-09 08:26:25
python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00