VYPR

rpm package

almalinux/python3-pip

pkg:rpm/almalinux/python3-pip

Vulnerabilities (2)

  • CVE-2021-3572Nov 10, 2021
    affected < 9.0.3-20.el8fixed 9.0.3-20.el8

    A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip

  • CVE-2007-4559CriAug 28, 2007
    affected < 21.2.3-7.el9fixed 21.2.3-7.el9

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.