exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2013-1633

больше 12 лет назад

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

CVSS2: 6.8

EPSS: Низкий

CVE-2013-1633

больше 12 лет назад

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

CVSS2: 4.4

EPSS: Низкий

CVE-2013-1633

больше 12 лет назад

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

CVSS2: 6.8

EPSS: Низкий

CVE-2013-1633

больше 12 лет назад

easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...

CVSS2: 6.8

EPSS: Низкий

GHSA-27x4-j476-jp5f

больше 3 лет назад

Setuptools vulnerable to Man-in-the-middle attacks

CVSS3: 8.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.	CVSS2: 6.8	1% Низкий	больше 12 лет назад
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.	CVSS2: 4.4	1% Низкий	больше 12 лет назад
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.	CVSS2: 6.8	1% Низкий	больше 12 лет назад
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...	CVSS2: 6.8	1% Низкий	больше 12 лет назад
GHSA-27x4-j476-jp5f Setuptools vulnerable to Man-in-the-middle attacks	CVSS3: 8.3	1% Низкий	больше 3 лет назад

Уязвимостей на страницу