Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2013-1629

Опубликовано: 06 авг. 2013
Источник: debian
EPSS Средний

Описание

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-pipfixed1.3.1-1package
python-pipno-dsawheezypackage
python-pipno-dsasqueezepackage
python-virtualenvfixed1.9.1-1package
python-virtualenvno-dsawheezypackage
python-virtualenvno-dsasqueezepackage

EPSS

Процентиль: 97%
0.39922
Средний

Связанные уязвимости

ubuntu логотип

CVE-2013-1629

ubuntu
больше 12 лет назад

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.

nvd логотип

CVE-2013-1629

nvd
больше 12 лет назад

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.

github логотип

GHSA-g3p5-fjj9-h8gj

CVSS3: 8.4
github
больше 3 лет назад

Improper Input Validation in pip

EPSS

Процентиль: 97%
0.39922
Средний