Description
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Report
This flaw has been rated as having a security impact of Low. To exploit this flaw, the attacker needs access to the repository to create a specially crafted tag and force a different revision to be installed.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | python-pip | Out of support scope | ||
Red Hat Enterprise Linux 7 | python-virtualenv | Out of support scope | ||
Red Hat Enterprise Linux 8 | gimp:flatpak/python2-pip | Not affected | ||
Red Hat Enterprise Linux 8 | inkscape:flatpak/python2-pip | Fix deferred | ||
Red Hat Enterprise Linux 8 | python27:2.7/python2-pip | Not affected | ||
Red Hat Enterprise Linux 9 | python-pip | Affected | ||
Red Hat Software Collections | python27-python-pip | Not affected | ||
Red Hat Software Collections | python27-python-virtualenv | Not affected | ||
Red Hat Enterprise Linux 8 | python39 | Fixed | RHSA-2021:4160 | 09.11.2021 |
Red Hat Enterprise Linux 8 | python39-devel | Fixed | RHSA-2021:4160 | 09.11.2021 |
Additional information
Status:
4.5 Medium
CVSS3