pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.

Credits
Lumír Balhar
Damian Shaw (https://github.com/notatallshaw)
Gregory P. Smith (https://github.com/gpshead)
Jannis Leidel (https://github.com/jezdez)
Pradyun Gedam (https://github.com/pradyunsg)
Paul Moore (https://github.com/pfmoore)

References
https://github.com/pypa/pip/pull/14000
https://mail.python.org/archives/list/security-announce@python.org/thread/YV63UET5D3OOJY7O4M5XCVYO2YM4NBYJ/
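
The kind of check the description above calls for, as an added example (not pip's own code and not the fix in the referenced pull request): a script name is accepted only if it is a bare file name and its resolved path stays inside the scripts directory. The function names script_destination, audit and demo and the sample names are assumptions made for illustration.

```python
import ntpath
import os
import posixpath
import tempfile


def script_destination(scripts_dir: str, name: str) -> str:
    """Return the path a launcher for `name` may be written to, or raise."""
    # A script name must be a bare file name on both POSIX and Windows:
    # no separators, no drive prefix, and not a directory reference.
    plain = posixpath.basename(name) == name == ntpath.basename(name)
    if not plain or name in ("", ".", "..") or ntpath.splitdrive(name)[0]:
        raise ValueError(f"not a plain file name: {name!r}")

    # Defence in depth: resolve symlinks, then confirm containment.
    base = os.path.realpath(scripts_dir)
    dest = os.path.realpath(os.path.join(base, name))
    if dest == base or os.path.commonpath([base, dest]) != base:
        raise ValueError(f"{name!r} resolves outside {base!r}")
    return dest


def audit(scripts_dir: str, names: list[str]) -> dict[str, bool]:
    """Map each declared script name to True (accepted) or False (rejected)."""
    result = {}
    for name in names:
        try:
            script_destination(scripts_dir, name)
            result[name] = True
        except ValueError:
            result[name] = False
    return result


# Constructed sample names, as they might appear as keys under
# [console_scripts] / [gui_scripts] in a wheel's entry_points.txt.
SAMPLE_NAMES = ["mytool", "my-tool3.12", "../mytool", "sub/mytool",
                "/tmp/mytool", "..\\mytool", "C:mytool", ".."]


def demo() -> dict[str, bool]:
    """Audit SAMPLE_NAMES against a throwaway scripts directory."""
    with tempfile.TemporaryDirectory() as scripts_dir:
        return audit(scripts_dir, SAMPLE_NAMES)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'accept' if ok else 'reject'}  {name!r}")
```

The same audit can be run over the entry point names of a wheel before installation to flag packages whose script names are not plain file names.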