{"id":"USN-4961-1","summary":"python-pip vulnerability","details":"It was discovered that pip incorrectly handled unicode separators in git\nreferences. A remote attacker could possibly use this issue to install a\ndifferent revision on a repository.\n","modified":"2026-02-10T04:42:12Z","published":"2021-05-19T10:47:21Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4961-1"},{"type":"REPORT","url":"https://launchpad.net/bugs/1926957"}],"affected":[{"package":{"name":"python-pip","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/python-pip@20.0.2-5ubuntu1.5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20.0.2-5ubuntu1.5"}]}],"versions":["18.1-5","18.1-5build1","18.1-5ubuntu1","20.0.2-2","20.0.2-4","20.0.2-5","20.0.2-5ubuntu1","20.0.2-5ubuntu1.1","20.0.2-5ubuntu1.3","20.0.2-5ubuntu1.4"],"ecosystem_specific":{"binaries":[{"binary_version":"20.0.2-5ubuntu1.5","binary_name":"python-pip-whl"},{"binary_version":"20.0.2-5ubuntu1.5","binary_name":"python3-pip"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4961-1.json"}}],"schema_version":"1.7.3"}