PT-2021-7824 · Unknown+9 · Python-Pip+9

Published: 2021-04-24 · Updated: 2025-09-29 · CVE-2021-3572

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

python-pip versions prior to 21.1

Description

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.

Recommendations

For python-pip versions prior to 21.1, update to version 21.1 to resolve the issue. As a temporary workaround, consider restricting the use of git references with Unicode separators until a patch is available.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

ALSA-2021:4160
ALSA-2021:4162
ALSA-2021:4455
ALSA-2021_4455
ALSA-2025_16880
ALT-PU-2021-1772
BDU:2023-03310
BIT-PIP-2021-3572
CESA-2021_4160
CESA-2021_4162
CESA-2021_4455
CVE-2021-3572
GHSA-5XP3-JFQ3-5Q8X
MGASA-2021-0371
OESA-2021-1284
OPENSUSE-SU-2021:1598-1
OPENSUSE-SU-2021:4001-1
OPENSUSE-SU-2021:4002-1
OPENSUSE-SU-2021_1598-1
OPENSUSE-SU-2021_4001-1
OPENSUSE-SU-2021_4002-1
OPENSUSE-SU-2022:0064-1
OPENSUSE-SU-2022:0942-1
OPENSUSE-SU-2022:1091-1
OPENSUSE-SU-2022_0064-1
OPENSUSE-SU-2022_0942-1
OPENSUSE-SU-2022_1091-1
OPENSUSE-SU-2022_1485-1
OPENSUSE-SU-2024:11877-1
OPENSUSE-SU-2024:11878-1
OPENSUSE-SU-2024:12150-1
PYSEC-2021-437
RHSA-2021:3254
RHSA-2021:4160
RHSA-2021:4162
RHSA-2021:4455
RHSA-2021_4160
RHSA-2021_4162
RHSA-2021_4455
RLSA-2021:4160
RLSA-2021:4162
SUSE-SU-2021:2304-1
SUSE-SU-2021:2441-1
SUSE-SU-2021:4001-1
SUSE-SU-2021:4002-1
SUSE-SU-2021:4051-1
SUSE-SU-2021_4001-1
SUSE-SU-2021_4002-1
SUSE-SU-2021_4051-1
SUSE-SU-2022:0060-1
SUSE-SU-2022:0064-1
SUSE-SU-2022:0942-1
SUSE-SU-2022:0942-2
SUSE-SU-2022:1044-1
SUSE-SU-2022:1091-1
SUSE-SU-2022:1094-1
SUSE-SU-2022:1485-1
SUSE-SU-2022:2351-1
SUSE-SU-2022_0060-1
SUSE-SU-2022_0064-1
SUSE-SU-2022_0942-1
SUSE-SU-2022_1044-1
SUSE-SU-2022_1091-1
SUSE-SU-2022_1094-1
SUSE-SU-2022_1485-1
USN-4961-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
python-pip