pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.