The mirroring support (-M, --use-mirrors) in Python Pip prior to 1.5 uses insecure DNS querying and authenticity checks which allows malicious users to perform man-in-the-middle attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pypa pip |
||
virtualenv virtualenv 12.0.7 |
||
fedoraproject fedora 20 |
||
fedoraproject fedora 21 |
||
redhat openshift 1.0 |
||
redhat openshift 2.0 |
||
redhat software collections - |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |