Python bundles pip, but does not track CVEs reported against it. Add an explicit CPE to be able to detect CVEs affecting the pip version bundled with Python. Currently it is a manual process of keeping the version in sync with the one used in Python.

CVE-2018-20225 is essentially marked as ignored. It is not fixed upstream, and other users like Debian are also essentially ignoring this CVE: https://security-tracker.debian.org/tracker/CVE-2018-20225

Pull Request: https://projects.blender.org/blender/blender/pulls/125648