classification
Title: The vulnerability is included in /lib/python3.9/ensurepip after python 3.9.2 is installed.
Type: security
Stage: resolved
Components: Library (Lib)
Versions: Python 3.9

process
Status: closed
Resolution: out of date
Dependencies:
Superseder:
Assigned To:
Nosy List: ned.deily, xtreak, zjmxq
Priority: normal
Keywords:

Created on 2022-03-04 09:31 by zjmxq, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (3)
msg414511 - Author: zjmxq (zjmxq) Date: 2022-03-04 09:31
Vulnerability CVE-2021-29921, CVE-2020-14422, CVE-2021-3572, CVE-2021-33503 Vulnerability Found in python 3.9.2 /lib/python3.9/ensurepip
msg414513 - Author: Karthikeyan Singaravelan (xtreak) (Python committer) Date: 2022-03-04 10:04
https://nvd.nist.gov/vuln/detail/CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

This CVE is listed as fixed in 3.9.0RC2, though you have added 3.9.2 and also mentioned ensurepip, which doesn't seem to be relevant. Can you please add more detail on how we can reproduce the vulnerability in the latest master or the latest stable 3.9 release, and how this is related to ensurepip?
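The NVD text quoted above describes the CVE-2020-14422 defect only in outline. The following check, added here as an example and not code from this thread or from CPython, shows how a defender can test whether an installed interpreter carries the collapsed IPv4Interface hash, and how to key a dict without relying on that hash on a host that cannot yet be upgraded. The 10.0.0.0 sample range is constructed.

```python
import ipaddress
import sys

# Constructed sample range; any run of distinct addresses would do.
SAMPLE_BASE = int(ipaddress.IPv4Address("10.0.0.0"))


def sample_interfaces(count=1000):
    """Return `count` distinct /32 host interfaces starting at SAMPLE_BASE."""
    return [ipaddress.IPv4Interface(SAMPLE_BASE + i) for i in range(count)]


def distinct_hash_count(interfaces):
    """Number of distinct hash values produced by the given interface objects."""
    return len({hash(iface) for iface in interfaces})


def is_affected(count=1000):
    """True if this interpreter shows the CVE-2020-14422 collapse.

    A sound __hash__ spreads `count` distinct keys over (almost) `count`
    values. On Lib/ipaddress.py through 3.8.3 every /32 interface hashed to
    the same constant, so a count far below `count` flags the defect.
    """
    return distinct_hash_count(sample_interfaces(count)) < count // 2


def safe_key(iface):
    """Dict key for an interface that bypasses its __hash__ entirely.

    Workaround for code that must keep running on an unpatched interpreter
    until it is upgraded: key on version, integer address and prefix length.
    """
    return (iface.version, int(iface), iface.network.prefixlen)


def report(count=1000):
    """Summarise the check for the running interpreter."""
    return {
        "python": sys.version.split()[0],
        "distinct_hashes": distinct_hash_count(sample_interfaces(count)),
        "affected": is_affected(count),
    }


if __name__ == "__main__":
    print(report())
```

Run it under each interpreter you ship; a patched 3.8.4+ or 3.9 reports roughly as many distinct hashes as sample interfaces.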
msg414527 - Author: Ned Deily (ned.deily) (Python committer) Date: 2022-03-04 14:14
To emphasize, Python 3.9.2 is obsolete and no longer supported; at the moment, the current release of Python 3.9 is 3.9.10. The most current bugfix release (3.9.x) obsoletes all previous releases of that Python version (3.9); during a version's support lifecycle, we only provide fixes for the most recent bugfix release (3.9.10). (Downstream third-party distributors of Python may have different support policies.)

https://www.python.org/downloads/
History
Date                 User       Action  Args
2022-04-11 14:59:56  admin      set     github: 91074
2022-03-12 21:30:01  ned.deily  set     status: open -> closed; resolution: out of date; stage: resolved
2022-03-04 14:14:16  ned.deily  set     nosy: + ned.deily; messages: + msg414527
2022-03-04 10:04:52  xtreak     set     nosy: + xtreak; messages: + msg414513
2022-03-04 09:31:55  zjmxq      create