Vulncode-DB
  • Home
  • About
  • Deprecation
  • News
    Login/Register
  •  
  • Issues 
    File a bug Feature request
  • Slack
  • Twitter
Note:

This project will be discontinued after December 13, 2021. [more]

    CVE-2013-5123 (NVD)

    2019-11-05

    The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

    Products Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv
    Type Improper Authentication (CWE-287)
    First patch - None (likely due to unavailable code)
    Links • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123
    • http://www.openwall.com/lists/oss-security/2013/08/21/17
    • http://www.securityfocus.com/bid/77520
    • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html
    • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html
    More/Less (3)
    • https://security-tracker.debian.org/tracker/CVE-2013-5123
    • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123
    • http://www.openwall.com/lists/oss-security/2013/08/21/18

    Disclaimer: Vulncode-DB is not an officially supported Google product. Terms of Use
    See the vulncode-db repository for more information.


    Running version: bffd1467df54d98e5271ec977330365d5879b60d (2021-11-29 03:52:21)