CVE-2013-5123 (NVD)
- Vulnerability Info (edit)The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
| Products | Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv |
| Type |
Improper Authentication (CWE-287) |
| First patch | - None (likely due to unavailable code) |
| Links |
•
http://www.openwall.com/lists/oss-security/2013/08/21/17
• http://www.securityfocus.com/bid/77520 • http://www.openwall.com/lists/oss-security/2013/08/21/18 • https://security-tracker.debian.org/tracker/CVE-2013-5123 • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html |
| Annotation |
Note: No patch was assigned yet. |