easy_install in setuptools prior to 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

| Vulnerable Product |
|---|
| python setuptools 0.6.44 |
| python setuptools 0.6.46 |
| python setuptools 0.6.48 |
| python setuptools |
| python setuptools 0.6.43 |
| python setuptools 0.6.40 |
| python setuptools 0.6.49 |
| python setuptools 0.6.47 |
| python setuptools 0.6.45 |
| python setuptools 0.6.41 |
| python setuptools 0.6.42 |