← Back

CVE-2021-3572

nvd nist
Published: Nov 10, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.7
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.1 / Impact: 3.6
Source: NVD

Description

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Affected (6)

Pypa
1 product
Pip
Oracle
3 products
Agile Plm
Communications Cloud Native Core Network Function Cloud Native Environment
Communications Cloud Native Core Policy
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Pip
Before 21.1
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Agile Plm
Version 9.3.6
Oracle
Communications Cloud Native Core Network Function Cloud Native Environment
Version 1.10.0
Communications Cloud Native Core Network Function Cloud Native Environment
Version 22.1.0
Oracle
Communications Cloud Native Core Policy
Version 1.15.0
Communications Cloud Native Core Policy
Version 22.1.3

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.