rpm package
almalinux/python3-pip
pkg:rpm/almalinux/python3-pip
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3572 | — | < 9.0.3-20.el8 | 9.0.3-20.el8 | Nov 10, 2021 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip | ||
| CVE-2007-4559 | Cri | 9.8 | < 21.2.3-7.el9 | 21.2.3-7.el9 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
- CVE-2021-3572Nov 10, 2021affected < 9.0.3-20.el8fixed 9.0.3-20.el8
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip
- affected < 21.2.3-7.el9fixed 21.2.3-7.el9
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.