Sign In

CVE-2021-3572

ADVISORY - github

Summary

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

EPSS Score: 0.0024 (0.473)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20

Improper Input Validation

ADVISORY - github

CWE-20

Improper Input Validation

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20

Improper Input Validation

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-20

Improper Input Validation

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2021-3572
EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

5.7medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-5xp3-jfq3-5q8x
EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

7.1high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2021-3572
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2021-3572
EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.7low

PypA

CREATED

UPDATED

ADVISORY ID

PYSEC-2021-437

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2021-3572

EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-20CWE-937

CVSS SCORE

5.7medium

Alma

CREATED

UPDATED

ADVISORY IDALSA-2021:4160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

UPDATED

ADVISORY IDALSA-2021:4162
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

UPDATED

ADVISORY IDALSA-2021:4455
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Amazon

CREATED

UPDATED

ADVISORY IDALAS2-2022-1742
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-2021-3572

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-pip-2021-3572

EXPLOITABILITY SCORE

2.1

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.7medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2021-3572
EXPLOITABILITY SCORE

0.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

4.5low

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2021:4160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2021:4162
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2021-4160
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2021-4162
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2021-4455
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2023-12349
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-2pg9-jhcf-r8c4

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY