python-pip

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	The PyPA recommended tool for installing Python packages
Version	24.3.1-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2036	20.3.4-4	21.0-1	Medium	Fixed
AVG-1153	20.2.3-1	20.2.4-1	Low	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-3572	AVG-2036	Medium	Yes	Silent downgrade	A security issue has been found in pip before version 21.1. Maliciously formatted tags could be used to hijack a commit-based pin. Using the fact that all...
CVE-2018-20225	AVG-1153	Low	Yes	Arbitrary code execution	An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-3572

AVG-2036

Medium

Yes

Silent downgrade

A security issue has been found in pip before version 21.1. Maliciously formatted tags could be used to hijack a commit-based pin. Using the fact that all...

CVE-2018-20225

AVG-1153

Low

Yes

Arbitrary code execution

An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a...