USN-4961-1: pip vulnerability
19 May 2021
pip could be made to install different git revisions.
- python-pip - Python package installer
It was discovered that pip incorrectly handled unicode separators in git
references. A remote attacker could possibly use this issue to install a
different revision on a repository.