Pip Vulnerable to Path Traversal via Lack of Symbolic Link Validation in 'unpacking.py' File
Pip is vulnerable to path traversal due to a lack of validation for symbolic links when Pip is used with instances of python which do not implement PEP 706. This could allow a remote attacker to extract a tar file outside of the intended directory...