Lucene search
GoogleOSV:PYSEC-2019-160HistoryNov 05, 2019 - 10:15 p.m.
PYSEC-2019-160
2019-11-0522:15:00
Google
osv.dev
22
EPSS
0.002
Percentile
52.9%
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
References
lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html
lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html
www.openwall.com/lists/oss-security/2013/08/21/17
www.openwall.com/lists/oss-security/2013/08/21/18
www.securityfocus.com/bid/77520
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123
bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123
github.com/advisories/GHSA-c5h8-cq4v-cvfm
security-tracker.debian.org/tracker/CVE-2013-5123
Related
prion
prion
Design/Logic Flaw
2019-11-05 22:15:00
Design/Logic Flaw
2013-08-27 03:34:00
cvelist
cvelist
CVE-2013-5123
2019-11-05 21:16:59
nvd
nvd
CVE-2013-5123
2019-11-05 22:15:10
CVE-2013-4266
2013-08-27 03:34:35
nessus
nessus
Fedora 21 : python-virtualenv-12.0.7-1.fc21 (2015-5974)
2015-04-22 00:00:00
Fedora 20 : python-virtualenv-12.0.7-1.fc20 (2015-6006)
2015-04-22 00:00:00
openvas
openvas
Fedora Update for python-virtualenv FEDORA-2015-5974
2015-04-22 00:00:00
Fedora Update for python-virtualenv FEDORA-2015-6006
2015-04-22 00:00:00
Mageia: Security Advisory (MGASA-2015-0180)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: python-virtualenv-12.0.7-1.fc21
2015-04-21 18:54:55
[SECURITY] Fedora 20 Update: python-virtualenv-12.0.7-1.fc20
2015-04-21 18:59:38
cve
cve
CVE-2013-5123
2019-11-05 22:15:10
CVE-2013-4266
2013-08-27 03:34:35
github
github
Improper Authentication in pip
2022-05-24 22:01:03
debiancve
debiancve
CVE-2013-5123
2019-11-05 22:15:10
ubuntucve
ubuntucve
CVE-2013-5123
2019-11-05 00:00:00
osv
osv
Improper Authentication in pip
2022-05-24 22:01:03
ibm
ibm
mageia
mageia
Updated python-pip packages fix security vulnerabilities
2015-05-03 03:19:16
exploitdb
exploitdb
phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
2013-01-13 00:00:00