Improper Input Validation in pip
High severity · GitHub Reviewed · Published Nov 15, 2021 to the GitHub Advisory Database · Updated Oct 11, 2024
Description
Published by the National Vulnerability Database: Nov 10, 2021
Reviewed: Nov 12, 2021
A flaw was found in the way python-pip handled Unicode separators in git references. A remote attacker could possibly use this issue to cause a different revision of a repository to be installed. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
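One way this class of parsing flaw can arise, shown as an added illustration and not pip's own code: Python's `str.splitlines()` and `str.split()` treat Unicode separators such as U+2028 as boundaries, so a parser built on them can report a ref name that git never printed. The function names and all sample data are constructed for this example, and the input is assumed to be a ref listing in git's `<sha> <refname>` line format.

```python
"""Added illustration (not pip's code): parsing "<sha> <refname>" lines,
the format git uses when listing refs, with and without Unicode-aware
splitting. All sample data below is constructed."""

SHA_A = "a" * 40  # constructed placeholder object ids
SHA_B = "b" * 40

# Constructed listing: the second ref name contains U+2028 LINE SEPARATOR.
SAMPLE = f"{SHA_A} refs/heads/main\n{SHA_B} refs/heads/topic\u2028part\n"


def parse_lenient(output):
    """Weak form: splitlines()/split() also break on Unicode separators."""
    refs = {}
    for line in output.strip().splitlines():
        fields = line.split()
        if len(fields) == 2:
            refs[fields[1]] = fields[0]
    return refs


def parse_strict(output):
    """Hardened form: only a newline ends a record, only one ASCII space
    separates the two fields, and anything else is rejected."""
    refs = {}
    for line in output.strip("\n").split("\n"):
        line = line.rstrip("\r")
        if not line:
            continue
        sha, sep, name = line.partition(" ")
        if not sep or len(sha) != 40 or not name or " " in name:
            raise ValueError(f"unexpected ref line: {line!r}")
        refs[name] = sha
    return refs


def flag_unicode_separators(refs):
    """Ref names that a Unicode-aware splitter would cut into pieces."""
    return sorted(n for n in refs
                  if n.splitlines() != [n] or any(ch.isspace() for ch in n))


if __name__ == "__main__":
    print("lenient:", parse_lenient(SAMPLE))
    print("strict: ", parse_strict(SAMPLE))
    print("flagged:", flag_unicode_separators(parse_strict(SAMPLE)))
```

The lenient parser maps `refs/heads/topic` to an object id although no ref of that name is in the listing. The strict parser keeps the full name, which the last function then flags for review.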
References