Local File Overwrite Vulnerability in pip by Python Software Foundation
CVE-2013-1888

Currently unrated

Key Information:

Vendor: Pypa

CVE Published: 17 August 2013

What is CVE-2013-1888?

The vulnerability arises from inadequate handling of temporary files in pip versions before 1.3. The flaw allows local users to mount a symlink attack on files located in the /tmp/pip-build directory, potentially overwriting arbitrary files. It underscores the importance of careful temporary-directory management and access permissions in guarding against unauthorized file manipulation.
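The class of check this description calls for, as an added example (not pip's own code and not its actual fix): before using a build directory in a shared location, inspect the directory entry itself and refuse symlinks, foreign owners and loose permissions, or create a fresh private directory instead. The names `check_build_dir`, `private_build_dir` and `UnsafeBuildDir` are hypothetical, and the sketch assumes a POSIX system.

```python
import os
import stat
import tempfile


class UnsafeBuildDir(Exception):
    """Raised when a build directory cannot be trusted."""


def check_build_dir(path):
    """Refuse a build directory that another local user could control."""
    st = os.lstat(path)  # lstat: inspect the entry itself, never its target
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeBuildDir(f"{path} is a symlink")
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeBuildDir(f"{path} is not a directory")
    if st.st_uid != os.getuid():
        raise UnsafeBuildDir(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeBuildDir(f"{path} is group- or world-writable")
    return path


def private_build_dir(parent=None):
    """Create a fresh build directory with an unpredictable name, mode 0700."""
    return check_build_dir(tempfile.mkdtemp(prefix="pip-build-", dir=parent))


def demo():
    """Constructed scenario: a fixed-name path that already exists as a symlink."""
    with tempfile.TemporaryDirectory() as shared:  # stands in for /tmp
        other = os.path.join(shared, "other-location")
        os.mkdir(other)
        fixed = os.path.join(shared, "pip-build")  # predictable, shared name
        os.symlink(other, fixed)  # entry was created before the tool ran
        try:
            check_build_dir(fixed)
            fixed_ok = True
        except UnsafeBuildDir:
            fixed_ok = False
        private = private_build_dir(parent=shared)
        return fixed_ok, stat.S_IMODE(os.lstat(private).st_mode)


if __name__ == "__main__":
    print(demo())
```

The check rejects the pre-existing fixed-name entry, while the directory from `tempfile.mkdtemp` is created atomically with owner-only permissions under a name that cannot be predicted in advance.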

Timeline

  • Vulnerability published

  • Vulnerability Reserved
