CVE-2021-3572
- Source
- https://cve.org/CVERecord?id=CVE-2021-3572
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3572.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3572
- Aliases
- Downstream
- Related
- Published
- 2021-11-10T18:15:09.510Z
- Modified
- 2026-04-16T04:39:53.357710268Z
- Severity
-
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
- References
Affected packages
Git / github.com/pypa/pip
Affected versions
0.*
0.3
0.6
0.7
0.7.1
0.8
0.8.2
0.8.3
1.*
1.0
1.2
1.4rc1
1.4rc2
10.*
10.0.0
10.0.1
18.*
18.0
18.1
19.*
19.0
19.0.2
19.1.1
20.*
20.0.2
21.*
21.0
6.*
6.0
9.*
9.0.0
9.0.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3572.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.3"
}
]
}
]