CVE-2021-3572
Description
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Risk Information
Base Score
5.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.24
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Vulnerabilities CVE-2021-3572 are fixed in Python-pip 21.1 | Windows |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-rpm-macros-3.8.8-4.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| SUSE-SU-2022:0060-1(SUSE Linux Enterprise Server 12-SP5 ) python36-pip-20.2.4-8.9.1.noarch.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-32bit-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-debuginfo-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_4m1_0-debuginfo-32bit-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debuginfo-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debuginfo-32bit-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-base-debugsource-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-curses-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-curses-debuginfo-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-debuginfo-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-debugsource-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-devel-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-devel-debuginfo-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-tk-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1044-1(SUSE Linux Enterprise Server 12-SP5 ) python3-tk-debuginfo-3.4.10-25.88.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-3.6.15-21.4.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-32bit-3.6.15-21.4.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-debuginfo-3.6.15-21.4.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) libpython3_6m1_0-debuginfo-32bit-3.6.15-21.4.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) python36-3.6.15-21.5.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-3.6.15-21.4.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) python36-base-debuginfo-3.6.15-21.4.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debuginfo-3.6.15-21.5.x86_64.rpm | Linux |
| SUSE-SU-2022:1094-1(SUSE Linux Enterprise Server 12-SP5 ) python36-debugsource-3.6.15-21.5.x86_64.rpm | Linux |
| Python3-pip update (ELSA-2023-12349) python3-pip-9.0.3-8.0.3.el7.noarch.rpm | Linux |
| Python39 update (ELSA-2023-7034) python39-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-PyMySQL update (ELSA-2023-7034) python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-cffi update (ELSA-2023-7034) python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-chardet update (ELSA-2023-7034) python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-cryptography update (ELSA-2023-7034) python39-cryptography-3.3.1-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-devel update (ELSA-2023-7034) python39-devel-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-idle update (ELSA-2023-7034) python39-idle-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-idna update (ELSA-2023-7034) python39-idna-2.10-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-libs update (ELSA-2023-7034) python39-libs-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-lxml update (ELSA-2023-7034) python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-mod_wsgi update (ELSA-2023-7034) python39-mod_wsgi-4.7.1-7.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-numpy update (ELSA-2023-7034) python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-numpy-doc update (ELSA-2023-7034) python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-numpy-f2py update (ELSA-2023-7034) python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-pip update (ELSA-2023-7034) python39-pip-20.2.4-8.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-pip-wheel update (ELSA-2023-7034) python39-pip-wheel-20.2.4-8.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-ply update (ELSA-2023-7034) python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-psutil update (ELSA-2023-7034) python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-psycopg2 update (ELSA-2023-7034) python39-psycopg2-2.8.6-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-psycopg2-doc update (ELSA-2023-7034) python39-psycopg2-doc-2.8.6-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-psycopg2-tests update (ELSA-2023-7034) python39-psycopg2-tests-2.8.6-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-pycparser update (ELSA-2023-7034) python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-pysocks update (ELSA-2023-7034) python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-pyyaml update (ELSA-2023-7034) python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-requests update (ELSA-2023-7034) python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-rpm-macros update (ELSA-2023-7034) python39-rpm-macros-3.9.18-1.module+el8.9.0+90071+8dc52a4f.noarch.rpm | Linux |
| Python39-scipy update (ELSA-2023-7034) python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.x86_64.rpm | Linux |
| Python39-setuptools update (ELSA-2023-7034) python39-setuptools-50.3.2-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-setuptools-wheel update (ELSA-2023-7034) python39-setuptools-wheel-50.3.2-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-six update (ELSA-2023-7034) python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-test update (ELSA-2023-7034) python39-test-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-tkinter update (ELSA-2023-7034) python39-tkinter-3.9.18-1.module+el8.9.0+90071+8dc52a4f.x86_64.rpm | Linux |
| Python39-toml update (ELSA-2023-7034) python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-urllib3 update (ELSA-2023-7034) python39-urllib3-1.25.10-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-wheel update (ELSA-2023-7034) python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Python39-wheel-wheel update (ELSA-2023-7034) python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm | Linux |
| Vulnerabilities CVE-2021-3572 are fixed in Python-pip for linux 21.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234