CVE-2021-3572

This repository is designed for testing CVE-2021-3572 in pypa/pip.

For more information, see these resources:

CVE page: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572
PR where vulnerability was fixed: pypa/pip#9827
Issue with more discussion: pypa/pip#10042

Also, see the tags and first two commits in this repository.

Testing

Vulnerable version of pip (<21.1) installs version 9999.0 but the fixed version installs the correct version 1.0:

Vulnerable version

$ pip install "pip<21.1"
Successfully installed pip-21.0.1

$ pip install git+https://github.com/frenzymadness/CVE-2021-3572.git@original_version

$ pip list
Package       Version
------------- -------
cve-2021-3572 9999.0
pip           21.0.1
setuptools    56.2.0
wheel         0.36.2

Fixed version

$ pip install -U pip
Successfully installed pip-21.1.2

$ pip install git+https://github.com/frenzymadness/CVE-2021-3572.git@original_version

$ pip list
Package       Version
------------- -------
cve-2021-3572 1.0
pip           21.1.2
setuptools    56.2.0
wheel         0.36.2

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
LICENSE		LICENSE
README.md		README.md
cve_2021_3572.py		cve_2021_3572.py
setup.py		setup.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE

LICENSE

README.md

README.md

cve_2021_3572.py

cve_2021_3572.py

setup.py

setup.py

Repository files navigation

CVE-2021-3572

Testing

Vulnerable version

Fixed version

About

Releases

Packages

Languages

License

frenzymadness/CVE-2021-3572

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-3572

Testing

Vulnerable version

Fixed version

About

Resources

License

Stars

Watchers

Forks

Languages