CVE-2013-5123 (NVD)
- Vulnerability Info (edit)The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
| Products | Debian_linux, Fedora, Pip, Openshift, Software_collections, Virtualenv |
| Type |
Improper Authentication (CWE-287) |
| First patch | - None (likely due to unavailable code) |
| Links |
•
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123
• http://www.openwall.com/lists/oss-security/2013/08/21/18 • http://www.openwall.com/lists/oss-security/2013/08/21/17 • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123 |
| Annotation |
Note: No patch was assigned yet. |