Improper Input Validation in pip
Moderate severity
GitHub Reviewed
Published
Nov 15, 2021
to the GitHub Advisory Database
•
Updated Jun 21, 2024
Description
Published by the National Vulnerability Database
Nov 10, 2021
Reviewed
Nov 12, 2021
Published to the GitHub Advisory Database
Nov 15, 2021
Last updated
Jun 21, 2024
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
References