PYSEC-2021-437 — Vulnetix

PYSEC-2021-437 PUBLISHED

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Affected Products

Vendor	Product	Versions
PyPI	pip	0, 0.2, 0.4

Timeline

Nov 10, 2021 CVE Published
Mar 24, 2026 CVE Updated

References

https://bugzilla.redhat.com/show_bug.cgi?id=1962856 report
https://github.com/advisories/GHSA-5xp3-jfq3-5q8x advisory

Open in Interactive Console →