Path to vulnerable library: /awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.3.1-py2.py3-none-any.whl,/awscli-bundle/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.3.1-py2.py3-none-any.whl
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/tests/old-wheels/pip-9.0.1-py2.py3-none-any.whl,/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/tests/old-wheels/pip-9.0.1-py2.py3-none-any.whl
Path to vulnerable library: /awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.1.1-py2.py3-none-any.whl,/awscli-bundle/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.1.1-py2.py3-none-any.whl
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
CVE-2021-3572 - Medium Severity Vulnerability
pip-19.3.1-py2.py3-none-any.whl
The PyPA recommended tool for installing Python packages.
Library home page: https://files.pythonhosted.org/packages/00/b6/9cfa56b4081ad13874b0c6f96af8ce16cfbc1cb06bedf8e9164ce5551ec1/pip-19.3.1-py2.py3-none-any.whl
Path to vulnerable library: /awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.3.1-py2.py3-none-any.whl,/awscli-bundle/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.3.1-py2.py3-none-any.whl
Dependency Hierarchy: - :x: **pip-19.3.1-py2.py3-none-any.whl** (Vulnerable Library)
pip-9.0.1-py2.py3-none-any.whl
The PyPA recommended tool for installing Python packages.
Library home page: https://files.pythonhosted.org/packages/b6/ac/7015eb97dc749283ffdec1c3a88ddb8ae03b8fad0f0e611408f196358da3/pip-9.0.1-py2.py3-none-any.whl
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/tests/old-wheels/pip-9.0.1-py2.py3-none-any.whl,/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/tests/old-wheels/pip-9.0.1-py2.py3-none-any.whl
Dependency Hierarchy: - :x: **pip-9.0.1-py2.py3-none-any.whl** (Vulnerable Library)
pip-19.1.1-py2.py3-none-any.whl
The PyPA recommended tool for installing Python packages.
Library home page: https://files.pythonhosted.org/packages/5c/e0/be401c003291b56efc55aeba6a80ab790d3d4cece2778288d65323009420/pip-19.1.1-py2.py3-none-any.whl
Path to vulnerable library: /awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.1.1-py2.py3-none-any.whl,/awscli-bundle/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/pip-19.1.1-py2.py3-none-any.whl
Dependency Hierarchy: - :x: **pip-19.1.1-py2.py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: de1c2b0d1a23367b161c2d995029f9693bd8a155
Found in base branch: master
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Publish Date: 2021-11-10
URL: CVE-2021-3572
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://security.archlinux.org/CVE-2021-3572
Release Date: 2021-11-10
Fix Resolution: 21.1
Step up your Open Source Security Game with Mend here