Lucene search
GoogleOSV:GHSA-27X4-J476-JP5FHistoryMay 17, 2022 - 5:01 a.m.
Setuptools vulnerable to Man-in-the-middle attacks
2022-05-1705:01:02
Google
osv.dev
6
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
50.9%
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
| CPE | Name | Operator | Version |
|---|---|---|---|
| setuptools | eq | 0.6c3 | |
| setuptools | eq | 0.6c7 | |
| setuptools | eq | 0.6c5 | |
| setuptools | eq | 0.6c9 | |
| setuptools | eq | 0.6c11 | |
| setuptools | eq | 0.6b4 | |
| setuptools | eq | 0.6c6 | |
| setuptools | eq | 0.6c8 | |
| setuptools | eq | 0.6c4 | |
| setuptools | eq | 0.6b2 |
Related
nessus
nessus
Mandriva Linux Security Advisory : python-setuptools (MDVSA-2013:227)
2013-09-10 00:00:00
SuSE 11.3 Security Update : python-setuptools (SAT Patch Number 9116)
2014-04-15 00:00:00
GLSA-201310-09 : Setuptools: Man-in-the-Middle attack
2013-10-11 00:00:00
cve
cve
CVE-2013-1633
2013-08-06 02:52:00
ubuntucve
ubuntucve
CVE-2013-1633
2013-08-06 00:00:00
prion
prion
Design/Logic Flaw
2013-08-06 02:52:00
mageia
mageia
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0274)
2022-01-28 00:00:00
Gentoo Security Advisory GLSA 201310-09
2015-09-29 00:00:00
Fedora Update for python-virtualenv FEDORA-2013-14891
2013-09-06 00:00:00
github
github
Setuptools vulnerable to Man-in-the-middle attacks
2022-05-17 05:01:02
osv
osv
PYSEC-2013-22
2013-08-06 02:52:00
fedora
fedora
[SECURITY] Fedora 18 Update: python-virtualenv-1.10.1-1.fc18
2013-09-05 01:25:58
[SECURITY] Fedora 19 Update: python-virtualenv-1.10.1-1.fc19
2013-09-05 01:26:45
gentoo
gentoo
Setuptools: Man-in-the-Middle attack
2013-10-10 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:227 ] python-setuptools
2013-09-11 00:00:00
python libraries security vulnerabilities
2013-09-11 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
50.9%
Related for OSV:GHSA-27X4-J476-JP5F