USN-4961-1: pip vulnerability
It was discovered that pip incorrectly handled unicode separators in git
references. A remote attacker could possibly use this issue to install a
different revision on a repository.
Source: USN-4961-1: pip vulnerability