CVE-2013-1633

2013-08-06T02:52:00
ID CVE-2013-1633
Type cve
Reporter cve@mitre.org
Modified 2013-10-11T13:59:00

Description

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.