Количество 2
Количество 2
CVE-2013-1630
pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.
GHSA-f594-f3v3-g649
pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2013-1630 pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation. | CVSS2: 6.8 | 1% Низкий | больше 12 лет назад |
| GHSA-f594-f3v3-g649 pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу