2 matches found
CVE-2013-1630
pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation...
CVE-2013-1630
CVE-2013-1630 (pyshop) affects pyshop versions prior to 0.7.1. The root cause is use of HTTP to retrieve packages from the PyPI repository without performing integrity checks on package contents. This enables man-in-the-middle attackers to execute arbitrary code via a crafted response during a do...