Security Advisory

CVE-2013-1629

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-08-06 01:00:00

Last updated 2024-09-16 19:25:45

Assigner mitre

State PUBLISHED

Description

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.

← Browse all CVEs View on cve.org ↗