CVE-2013-1633

CVE-2013-1633

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

CVE-2013-1633

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

CVE-2013-1633

easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...

GHSA-27x4-j476-jp5f

Setuptools vulnerable to Man-in-the-middle attacks