CVE-2013-1630

pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:guillaume_gauvrit:pyshop:*:*:*:*:*:*:*:*
cpe:2.3:a:guillaume_gauvrit:pyshop:0.1:*:*:*:*:*:*:*
cpe:2.3:a:guillaume_gauvrit:pyshop:0.2:*:*:*:*:*:*:*
cpe:2.3:a:guillaume_gauvrit:pyshop:0.3:*:*:*:*:*:*:*
cpe:2.3:a:guillaume_gauvrit:pyshop:0.4:*:*:*:*:*:*:*
cpe:2.3:a:guillaume_gauvrit:pyshop:0.5:*:*:*:*:*:*:*
cpe:2.3:a:guillaume_gauvrit:pyshop:0.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-08-06 02:52

Updated : 2024-02-04 18:16


NVD link : CVE-2013-1630

Mitre link : CVE-2013-1630

CVE.ORG link : CVE-2013-1630


JSON object : View

Products Affected

guillaume_gauvrit

  • pyshop
CWE
CWE-20

Improper Input Validation