Note:
This project will be discontinued after December 13, 2021. [more]
2019-11-05
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
Products | Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv |
Type | Improper Authentication (CWE-287) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.openwall.com/lists/oss-security/2013/08/21/17
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123 • http://www.openwall.com/lists/oss-security/2013/08/21/18 • http://www.securityfocus.com/bid/77520 • https://security-tracker.debian.org/tracker/CVE-2013-5123 |