CVE-2013-1629

2013-08-05T22:52:10
ID CVE-2013-1629
Type cve
Reporter NVD
Modified 2013-09-24T10:32:22

Description

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.