PT-2019-6986 · Python · Python-Pip

Victor Pereira

Published

2015-05-03

Updated

2024-06-15

CVE-2013-5123

CVSS v4.0

8.2

High

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Python Pip versions prior to 1.5

Description The issue concerns the mirroring support in Python Pip, which uses insecure DNS querying and authenticity checks. This allows attackers to perform man-in-the-middle attacks.

Recommendations For versions prior to 1.5, update to version 1.5 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2013-5123

GHSA-C5H8-CQ4V-CVFM

MGASA-2015-0180

OPENSUSE-SU-2024:10098-1

OPENSUSE-SU-2024:11251-1

OPENSUSE-SU-2024:11281-1

OPENSUSE-SU-2024:13916-1

PYSEC-2019-160

SUSE-FU-2021:2130-1

SUSE-RU-2019:2505-1

Affected Products

Python-Pip

PT-2019-6986 · Python · Python-Pip

CVE-2013-5123

Weakness Enumeration

Related Identifiers

Affected Products

References · 44