Vulnerabilities > CVE-2021-3572

CVSS 5.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

pypa

oracle

NVD

Published: 2021-11-10

Updated: 2022-10-05

Summary

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Vulnerable Configurations

Part	Description	Count
Application	Pypa Pypa PIP 0.1 Pypa PIP 0.1.1 Pypa PIP 0.1.2 Pypa PIP 0.1.3 Pypa PIP 0.1.4 Pypa PIP 0.2 Pypa PIP 0.2.1 Pypa PIP 0.3 Pypa PIP 0.3.1 Pypa PIP 0.4 Pypa PIP 0.5 Pypa PIP 0.5.1 Pypa PIP 0.6 Pypa PIP 0.6.1 Pypa PIP 0.6.2 Pypa PIP 0.6.3 Pypa PIP 0.7 Pypa PIP 0.7.1 Pypa PIP 0.7.2 Pypa PIP 0.8 Pypa PIP 0.8.1 Pypa PIP 0.8.2 Pypa PIP 0.8.3 Pypa PIP 1.0 Pypa PIP 1.0.1 Pypa PIP 1.0.2 Pypa PIP 1.1 Pypa PIP 1.2 Pypa PIP 1.2.1 Pypa PIP 1.3 Pypa PIP 1.3.1 Pypa PIP 1.4 Pypa PIP 1.4.1 Pypa PIP 1.5 Pypa PIP 1.5.1 Pypa PIP 1.5.2 Pypa PIP 1.5.3 Pypa PIP 1.5.4 Pypa PIP 1.5.5 Pypa PIP 1.5.6 Pypa PIP 6.0 Pypa PIP 6.0.1 Pypa PIP 6.0.2 Pypa PIP 6.0.3 Pypa PIP 6.0.4 Pypa PIP 6.0.5 Pypa PIP 6.0.6 Pypa PIP 6.0.7 Pypa PIP 6.0.8 Pypa PIP 6.1.0 Pypa PIP 6.1.1 Pypa PIP 7.0.0 Pypa PIP 7.0.1 Pypa PIP 7.0.2 Pypa PIP 7.0.3 Pypa PIP 7.1.0 Pypa PIP 7.1.1 Pypa PIP 7.1.2 Pypa PIP 8.0.0 Pypa PIP 8.0.1 Pypa PIP 8.0.2 Pypa PIP 8.0.3 Pypa PIP 8.1.0 Pypa PIP 8.1.1 Pypa PIP 8.1.2 Pypa PIP 9.0.0 Pypa PIP 9.0.1 Pypa PIP 9.0.2 Pypa PIP 9.0.3 Pypa PIP 10.0.0 Pypa PIP 10.0.1 Pypa PIP 18.0 Pypa PIP 18.1 Pypa PIP 19.0 Pypa PIP 19.0.1 Pypa PIP 19.0.2 Pypa PIP 19.0.3 Pypa PIP 19.1 Pypa PIP 19.1.1 Pypa PIP 19.2 Pypa PIP 19.2.1 Pypa PIP 19.2.2 Pypa PIP 19.2.3 Pypa PIP 19.3 Pypa PIP 19.3.1 Pypa PIP 20.0 Pypa PIP 20.0.1 Pypa PIP 20.0.2 Pypa PIP 20.1 Pypa PIP 20.1.1 Pypa PIP 20.2 Pypa PIP 20.2.1 Pypa PIP 20.2.2 Pypa PIP 20.2.3 Pypa PIP 20.2.4 Pypa PIP 20.3 Pypa PIP 20.3.1 Pypa PIP 20.3.2 Pypa PIP 20.3.3 Pypa PIP 20.3.4 Pypa PIP 21.0 Pypa PIP 21.0.1	194
Application	Oracle Oracle Agile PLM 9.3.6 Oracle Communications Cloud Native Core Policy 1.15.0 Oracle Communications Cloud Native Core Policy 22.1.3 Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0	5

Vulnerabilities > CVE-2021-3572 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-3572"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-3572