The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-05T21:16:59

Updated: 2024-08-06T17:06:50.907Z

Reserved: 2013-08-15T00:00:00

Link: CVE-2013-5123

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-05T22:15:10.813

Modified: 2024-11-21T01:57:03.813

Link: CVE-2013-5123

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-07-31T00:00:00Z

Links: CVE-2013-5123 - Bugzilla