MiracleLinux 8 : python-pip-9.0.3-20.el8 (AXSA:2021-2732:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2732:02 advisory. python-pip: Incorrect handling of unicode separators in git references CVE-2021-3572 Tenable has extracted the preceding description block directly from the...

RHEL 8 : python-pip (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pip: when --extra-index-url option is used and package does not already exist in the public index, the...

Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

PYSEC-2023-165

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVE-2023-41040 GitPython blind local file inclusion

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

Oracle Linux 7 : python-pip (ELSA-2023-12349)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-12349 advisory. 9.0.3-8.0.3 - CVE-2021-3572 Orabug: 35240686 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

SUSE CVE-2021-3572

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1...

Gitea 参数注入漏洞

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in versions of Gitea prior to 1.17.3, which stems from its failure to clean up and escape references in the git backend resulting in incorrectly handled arguments to git commands...

Security Bulletin: Pip as used by IBM QRadar Advisor With Watson is vulnerable to multiple vulnerabilities (CVE-2019-20916, CVE-2021-3572, CVE-2018-20225)

Summary Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip. Vulnerability Details CVEID: CVE-2019-20916 DESCRIPTION: pypa pip package for python could...

USN-4961-2 python-pip vulnerability

USN-4961-1 fixed a vulnerability in pip. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Original advisory details: It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use...

SUSE-SU-2022:1094-1 Security update for python36

This security update for python36 fixes the following issues: - CVE-2021-3572: Update bundled pip wheel - pip incorrectly handled unicode separators in git references bsc1186819...

SUSE SLES12 Security Update : python3 (SUSE-SU-2022:1044-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1044-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue...

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2022:0942-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0942-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could...

openSUSE 15 Security Update : python3 (openSUSE-SU-2022:0942-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0942-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to...

EulerOS Virtualization 3.0.6.0 : python-pip (EulerOS-SA-2022-1091)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly u...

AlmaLinux 8 : python-pip (ALSA-2021:4455)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4455 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different...

SUSE SLED15 / SLES15 Security Update : python39-pip (SUSE-SU-2022:0064-1)

The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:0064-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to...

SUSE SLES12 Security Update : python36-pip (SUSE-SU-2022:0060-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:0060-1 advisory. - A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue...

SUSE-SU-2022:0064-1 Security update for python39-pip

This update for python39-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references bsc1186819...