Vulnerability Database
289,784
Total vulnerabilities in the database
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
| Software | From | Fixed in |
|---|---|---|
| pypa / pip | - | 1.5 |
| virtualenv / virtualenv | 12.0.7 | 12.0.7.x |
| fedoraproject / fedora | 20 | 20.x |
| fedoraproject / fedora | 21 | 21.x |
| redhat / openshift | 1.0 | 1.0.x |
| redhat / openshift | 2.0 | 2.0.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
pip
|
- | 1.5 |
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html
- http://www.openwall.com/lists/oss-security/2013/08/21/17
- http://www.openwall.com/lists/oss-security/2013/08/21/18
- http://www.securityfocus.com/bid/77520
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123
- https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2019-160.yaml
- https://security-tracker.debian.org/tracker/CVE-2013-5123