python-pip - Arch Linux
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2036 | 20.3.4-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-3572 | AVG-2036 | Medium | Yes | Silent downgrade | A security issue has been found in pip before version 21.1. Maliciously formatted tags could be used to hijack a commit-based pin. Using the fact that all... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1153 | 20.2.3-1 | 20.2.4-1 | Low | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-20225 | AVG-1153 | Low | Yes | Arbitrary code execution | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a... |