CVE-2013-1633

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:python:setuptools:*:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.40:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.41:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.42:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.43:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.44:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.45:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.46:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.47:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.48:*:*:*:*:*:*:*
cpe:2.3:a:python:setuptools:0.6.49:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-08-06 02:52

Updated : 2024-02-04 18:16


NVD link : CVE-2013-1633

Mitre link : CVE-2013-1633

CVE.ORG link : CVE-2013-1633


JSON object : View

Products Affected

python

  • setuptools
CWE
CWE-20

Improper Input Validation