CVE-2013-5123

Опубликовано: 31 июл. 2013

Источник: redhat

CVSS2: 4.3

EPSS Средний

Описание

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Затронутые пакеты

Платформа	Пакет	Состояние
OpenShift Enterprise 1	python-virtualenv	Will not fix
Red Hat OpenShift Enterprise 2	python27-python-pip	Will not fix
Red Hat OpenShift Enterprise 2	python-virtualenv	Will not fix
Red Hat Software Collections	python27-python-virtualenv	Affected
Red Hat Software Collections	python33-python-virtualenv	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1066692python-pip: insecure software download with mirroring support

EPSS

Процентиль: 94%

0.12381

Средний

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2013-5123

CVSS3: 5.9

ubuntu

больше 6 лет назад

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

CVE-2013-5123

CVSS3: 5.9

nvd

больше 6 лет назад

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

CVE-2013-5123

CVSS3: 5.9

debian

больше 6 лет назад

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ...

GHSA-c5h8-cq4v-cvfm

CVSS3: 5.9

github

больше 3 лет назад

Improper Authentication in pip

SUSE-RU-2019:2505-1

suse-cvrf

больше 6 лет назад

Recommended update for python-jmespath, python-jsonschema, python-paramiko, python-pexpect, python-pip, python-ply, python-pretend, python-process-tests, python-pycodestyle, python-pyflakes, python-pyxdg, python-tabulate, python-vcversioner

EPSS

Процентиль: 94%

0.12381

Средний

4.3 Medium

CVSS2