pip suffers from improper input validation. The library does not properly handle unicode separators in git references. An attacker can use this flaw to install a different revision on a repository.

CPENameOperatorVersion
piple21.0.1
piple21.0.1

CPE	Name	Operator	Version
	pip	le	21.0.1
	pip	le	21.0.1

References

bugzilla.redhat.com/show_bug.cgi?id=1962856

github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e

github.com/pypa/pip/pull/9827

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

nessus 42

osv 10

ubuntucve 1

debiancve 1

suse 7

openvas 26

nvd 1

almalinux 3

oraclelinux 4

cve 1

githubexploit 2

cbl_mariner 1

redhatcve 1

github 1

prion 1

redhat 19

ubuntu 1

cvelist 1

redos 1

f5 1

ibm 9

amazon 1

mageia 1

rocky 2

oracle 2

nessus

RHEL 8 : python-pip (RHSA-2021:4455)

2021-11-11 00:00:00

SUSE SLES12 Security Update : python36-pip (SUSE-SU-2022:0060-1)

2022-01-13 00:00:00

Oracle Linux 7 : python-pip (ELSA-2023-12349)

2023-05-23 00:00:00

osv

BIT-pip-2021-3572

2024-03-06 11:01:55

Low: python-pip security update

2021-11-09 09:24:55

PYSEC-2021-437

2021-11-10 18:15:00

ubuntucve

CVE-2021-3572

2021-11-10 00:00:00

debiancve

CVE-2021-3572

2021-11-10 18:15:09

suse

Security update for python-pip (moderate)

2021-12-13 00:00:00

Security update for python39-pip (moderate)

2022-01-12 00:00:00

Security update for python-pip (moderate)

2021-12-13 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:1044-1)

2022-03-31 00:00:00

openSUSE: Security Advisory for python-pip (openSUSE-SU-2021:4001-1)

2022-02-01 00:00:00

openSUSE: Security Advisory for python-pip (openSUSE-SU-2021:4002-1)

2022-02-01 00:00:00

nvd

CVE-2021-3572

2021-11-10 18:15:09

almalinux

Low: python-pip security update

2021-11-09 09:24:55

Moderate: python39:3.9 and python39-devel:3.9 security update

2021-11-09 08:26:25

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-11-09 12:47:54

oraclelinux

python-pip security update

2021-11-16 00:00:00

python-pip security update

2023-05-23 00:00:00

python39:3.9 and python39-devel:3.9 security update

2021-11-16 00:00:00

cve

CVE-2021-3572

2021-11-10 18:15:09

githubexploit

Exploit for Vulnerability in Pypa Pip

2021-06-07 08:36:47

Exploit for Improper Input Validation in Pypa Pip

2022-05-18 10:08:35

cbl_mariner

CVE-2021-3572 affecting package python-pip 19.2-1

2022-05-12 02:16:42

redhatcve

CVE-2021-3572

2021-06-01 00:42:50

github

Improper Input Validation in pip

2021-11-15 17:45:01

prion

Design/Logic Flaw

2021-11-10 18:15:00

redhat

(RHSA-2021:4455) Low: python-pip security update

2021-11-09 09:24:55

(RHSA-2021:4160) Moderate: python39:3.9 and python39-devel:3.9 security update

2021-11-09 08:26:25

(RHSA-2021:4162) Moderate: python38:3.8 and python38-devel:3.8 security update

2021-11-09 12:47:54

ubuntu

pip vulnerability

2022-05-19 00:00:00

cvelist

CVE-2021-3572

2021-11-10 17:55:47

redos

ROS-20230619-05

2023-06-19 00:00:00

K000138628 : python-pip vulnerabilities CVE-2021-3572 and CVE-2023-5752

2024-02-15 00:00:00

ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to urllib3 for python man-in-the-middle and security bypass vulnerabilities( CVE-2021-3572,CVE-2021-28363,)

2023-07-05 21:24:31

Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)

2022-06-15 19:07:37

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

2024-06-26 00:42:40

amazon

Medium: python-pip

2022-01-18 21:38:00

mageia

Updated python-pip packages fix security vulnerabilities

2021-07-25 17:45:06

rocky

python39:3.9 and python39-devel:3.9 security update

2021-11-09 08:26:25

python38:3.8 and python38-devel:3.8 security update

2021-11-09 12:47:54

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for VERACODE:32902