pip@8.1.1 vulnerabilities

The PyPA recommended tool for installing Python packages.

Known vulnerabilities in the pip package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Arbitrary Command Injection Affected versions of this package are vulnerable to Arbitrary Command Injection when installing a package from a Mercurial VCS URL. An attacker can inject arbitrary configuration options to the `hg clone` call via the `--config` option, which can modify how and which repository is installed. This is only exploitable when installing from Mercurial VCS URLs.. How to fix Arbitrary Command Injection? Upgrade `pip` to version 23.3 or higher.	[,23.3)
M Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation. Splitting on unicode separators in git references could be maliciously used to install a different revision on the repository. How to fix Improper Input Validation? Upgrade `pip` to version 21.1 or higher.	[,21.1)
H Directory Traversal Affected versions of this package are vulnerable to Directory Traversal via `_download_http_url` in `_internal/download.py`. When a URL is given in an install command the Content-Disposition header can have `../` in a filename. How to fix Directory Traversal? Upgrade `pip` to version 19.2 or higher.	[,19.2)