Description

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Related CPE's

a

pypa

pip

Vulnerable

a

oracle

agile_plm

9.3.6

Vulnerable

a

oracle

communications_cloud_native_core_network_function_cloud_native_environment

2

a

oracle

communications_cloud_native_core_policy

2

References

https://bugzilla.redhat.com/show_bug.cgi?id=1962856

Issue TrackingPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20240621-0006/

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

[email protected]

Secondary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

5.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-11-10T18:15:09.510

3 years ago

Last modified

2024-06-21T19:15:20.040

10 months ago