CVE-2021-3572

MEDIUM

Python-pip <21.1 - Code Injection

Title source: llm

Description

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Exploits (1)

nomisec WORKING POC 2 stars
by frenzymadness · poc
https://github.com/frenzymadness/CVE-2021-3572

Scores

CVSS v3 5.7
EPSS 0.0024
EPSS Percentile 47.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (7)
oracle/agile_plm 9.3.6
oracle/communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle/communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle/communications_cloud_native_core_policy 1.15.0
oracle/communications_cloud_native_core_policy 22.1.3
pypa/pip < 21.1
pypi/pip 0 - 21.1 (PyPI)
Published Nov 10, 2021
Tracked Since Feb 18, 2026