Note:
This project will be discontinued after December 13, 2021. [more]
2019-11-05
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
| Products | Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv |
| Type | Improper Authentication (CWE-287) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123
• http://www.openwall.com/lists/oss-security/2013/08/21/17 • http://www.securityfocus.com/bid/77520 • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html |