CVE-2021-3572

MEDIUM
Published Nov 10, 2021 (4y ago) · Modified Jun 17, 2026 (2w ago)
5.7 CVSS 3.1

Description

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

CVSS Details

Base Score: 5.7
Exploitability: 2.1
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 6

Vendor  Product                                                                        Version  Range
pypa    pip                                                                            *        <21.1
oracle  agile_plm                                                                      9.3.6    any
oracle  communications_cloud_native_core_network_function_cloud_native_environment     1.10.0   any
oracle  communications_cloud_native_core_network_function_cloud_native_environment     22.1.0   any
oracle  communications_cloud_native_core_policy                                        1.15.0   any
oracle  communications_cloud_native_core_policy                                        22.1.3   any

References 4

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1962856
    Issue Tracking, Patch, Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20240621-0006/
  • oracle.com https://www.oracle.com/security-alerts/cpuapr2022.html
    Patch, Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpujul2022.html
    Patch, Third Party Advisory

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1962856
    Issue Tracking, Patch, Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpuapr2022.html
    Patch, Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpujul2022.html
    Patch, Third Party Advisory