diff --git a/backport-fix-vulnerable-regex.patch b/backport-fix-vulnerable-regex.patch
new file mode 100644
index 0000000000000000000000000000000000000000..90212c996e8a2bb1103cb753dbb8c1c9f36d9dde
--- /dev/null
+++ b/backport-fix-vulnerable-regex.patch
@@ -0,0 +1,25 @@
+From 254e668eef34ca21005634a2bdba9d9a74deaa26 Mon Sep 17 00:00:00 2001
+From: M00nL1ght <69127692+SCH227@users.noreply.github.com>
+Date: Tue, 30 Aug 2022 05:51:29 +0300
+Subject: [PATCH] Fix vulnerable regex
+
+Implement exclusive RE searches to avoid backtracking
+---
+ src/pip/_internal/models/wheel.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/pip/_internal/models/wheel.py b/src/pip/_internal/models/wheel.py
+index 35c70375539..a5dc12bdd63 100644
+--- a/src/pip/_internal/models/wheel.py
++++ b/src/pip/_internal/models/wheel.py
+@@ -13,8 +13,8 @@ class Wheel:
+     """A wheel file"""
+ 
+     wheel_file_re = re.compile(
+-        r"""^(?P<namever>(?P<name>.+?)-(?P<ver>.*?))
+-        ((-(?P<build>\d[^-]*?))?-(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)
++        r"""^(?P<namever>(?P<name>[^\s-]+?)-(?P<ver>[^\s-]*?))
++        ((-(?P<build>\d[^-]*?))?-(?P<pyver>[^\s-]+?)-(?P<abi>[^\s-]+?)-(?P<plat>[^\s-]+?)
+         \.whl|\.dist-info)$""",
+         re.VERBOSE
+     )
diff --git a/python-pip.spec b/python-pip.spec
index 8724b91ef8b6f1643f15e3789e76604e158765c6..478a2549d473bbf32f9ab7c992b18938c62fda0c 100644
--- a/python-pip.spec
+++ b/python-pip.spec
@@ -7,7 +7,7 @@ pip is the package installer for Python. You can use pip to install packages fro
 %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
 Name:           python-%{srcname}
 Version:        20.2.2
-Release:        6
+Release:        7
 Summary:        A tool for installing and managing Python packages
 License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
 URL:            http://www.pip-installer.org
@@ -20,6 +20,7 @@ Patch6000:      dummy-certifi.patch
 Patch6001:      backport-CVE-2021-3572.patch
 Patch6002:      backport-CVE-2021-33503.patch
 Patch6003:      backport-CVE-2020-14422.patch
+Patch6004:      backport-fix-vulnerable-regex.patch
 
 Source1:	pip-allow-older-versions.patch
 
@@ -157,6 +158,9 @@ install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir}
 %{python_wheeldir}/%{python_wheelname}
 
 %changelog
+* Wed Dec 13 2023 yanglongkang <yanglongkang@h-partners.com> - 20.2.2-7
+- Fix vulnerable regex
+
 * Fri Sep 16 2022 yanglongkang<yanglongkang@h-partners.com> - 20.2.2-6
 - fix CVE-2020-14422