CVE-2013-1630

Name of the Vulnerable Software and Affected Versions pyshop versions prior to 0.7.1

Description The issue allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation, as it uses HTTP to retrieve packages from the PyPI repository and does not perform integrity checks on package contents.

Recommendations For versions prior to 0.7.1, update to version 0.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the PyPI repository or using a secure connection to minimize the risk of exploitation.