Insecure DNS Querying in Python Pip Leading to Man-in-the-Middle Attacks
CVE-2013-5123
5.9MEDIUM
What is CVE-2013-5123?
The mirroring support in Python Pip prior to version 1.5 suffers from insecure DNS querying and lacks proper authenticity checks. This vulnerability enables attackers to execute man-in-the-middle attacks, potentially compromising user data and the integrity of package installations. Users are advised to update to the latest version of Pip to mitigate this risk.
References
EPSS Score
12% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved