USN-4961-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-4961-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4961-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4961-1

Published

2021-05-19T10:47:21Z

Modified

2026-02-10T04:42:12Z

Summary

python-pip vulnerability

Details

It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository.

References

Affected packages

Ubuntu:20.04:LTS / python-pip

Package

Name: python-pip
Purl: pkg:deb/ubuntu/python-pip@20.0.2-5ubuntu1.5?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.0.2-5ubuntu1.5

Affected versions

18.*

18.1-5

18.1-5build1

18.1-5ubuntu1

20.*

20.0.2-2

20.0.2-4

20.0.2-5

20.0.2-5ubuntu1

20.0.2-5ubuntu1.1

20.0.2-5ubuntu1.3

20.0.2-5ubuntu1.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "20.0.2-5ubuntu1.5",
            "binary_name": "python-pip-whl"
        },
        {
            "binary_version": "20.0.2-5ubuntu1.5",
            "binary_name": "python3-pip"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "cves": [],
    "ecosystem": "Ubuntu:20.04:LTS"
}

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4961-1.json"