CVE-2013-5123: Improper Authentication
(updated )
The mirroring support (-M, –use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
References
- lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html
- lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html
- www.openwall.com/lists/oss-security/2013/08/21/17
- www.openwall.com/lists/oss-security/2013/08/21/18
- bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123
- bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123
- github.com/advisories/GHSA-c5h8-cq4v-cvfm
- nvd.nist.gov/vuln/detail/CVE-2013-5123
Detect and mitigate CVE-2013-5123 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →