Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yN3g0LWo0NzYtanA1Zs4AAe-Z

Setuptools vulnerable to Man-in-the-middle attacks

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

Permalink: https://github.com/advisories/GHSA-27x4-j476-jp5f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yN3g0LWo0NzYtanA1Zs4AAe-Z
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 8.4
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Identifiers: GHSA-27x4-j476-jp5f, CVE-2013-1633
References:
Blast Radius: 41.9

Affected Packages

pypi:setuptools
Dependent packages: 7,488
Dependent repositories: 97,511
Downloads: 545,704,455 last month
Affected Version Ranges: < 0.7
Fixed in: 0.7
All affected versions:
All unaffected versions: 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.3.1, 1.3.2, 1.4.1, 1.4.2, 2.0.1, 2.0.2, 2.1.1, 2.1.2, 3.0.1, 3.0.2, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.5.1, 3.5.2, 3.7.1, 3.8.1, 4.0.1, 5.0.1, 5.0.2, 5.4.1, 5.4.2, 5.5.1, 6.0.1, 6.0.2, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.2.1, 9.0.1, 10.0.1, 10.2.1, 11.3.1, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 13.0.1, 13.0.2, 14.1.1, 14.3.1, 17.1.1, 18.0.1, 18.3.1, 18.3.2, 18.6.1, 18.7.1, 18.8.1, 19.1.1, 19.4.1, 19.6.1, 19.6.2, 20.1.1, 20.2.2, 20.3.1, 20.6.6, 20.6.7, 20.6.8, 20.7.0, 20.8.0, 20.8.1, 20.9.0, 20.10.1, 21.0.0, 21.1.0, 21.2.0, 21.2.1, 21.2.2, 22.0.0, 22.0.1, 22.0.2, 22.0.4, 22.0.5, 23.0.0, 23.1.0, 23.2.0, 23.2.1, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 24.3.0, 24.3.1, 25.0.0, 25.0.1, 25.0.2, 25.1.0, 25.1.1, 25.1.2, 25.1.3, 25.1.4, 25.1.5, 25.1.6, 25.2.0, 25.3.0, 25.4.0, 26.0.0, 26.1.0, 26.1.1, 27.0.0, 27.1.0, 27.1.2, 27.2.0, 27.3.0, 27.3.1, 28.0.0, 28.1.0, 28.2.0, 28.3.0, 28.4.0, 28.5.0, 28.6.0, 28.6.1, 28.7.0, 28.7.1, 28.8.0, 28.8.1, 29.0.0, 29.0.1, 30.0.0, 30.1.0, 30.2.0, 30.2.1, 30.3.0, 30.4.0, 31.0.0, 31.0.1, 32.0.0, 32.1.0, 32.1.1, 32.1.2, 32.1.3, 32.2.0, 32.3.0, 32.3.1, 33.1.0, 33.1.1, 34.0.0, 34.0.1, 34.0.2, 34.0.3, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.4.0, 34.4.1, 35.0.0, 35.0.1, 35.0.2, 36.0.1, 36.1.0, 36.1.1, 36.2.0, 36.2.1, 36.2.2, 36.2.3, 36.2.4, 36.2.5, 36.2.6, 36.2.7, 36.3.0, 36.4.0, 36.5.0, 36.6.0, 36.6.1, 36.7.0, 36.7.1, 36.7.2, 36.8.0, 37.0.0, 38.0.0, 38.1.0, 38.2.0, 38.2.1, 38.2.3, 38.2.4, 38.2.5, 38.3.0, 38.4.0, 38.4.1, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 39.0.0, 39.0.1, 39.1.0, 39.2.0, 40.0.0, 40.1.0, 40.1.1, 40.2.0, 40.3.0, 40.4.0, 40.4.1, 40.4.2, 40.4.3, 40.5.0, 40.6.0, 40.6.1, 40.6.2, 40.6.3, 40.7.0, 40.7.1, 40.7.2, 40.7.3, 40.8.0, 40.9.0, 41.0.0, 41.0.1, 41.1.0, 41.2.0, 41.3.0, 41.4.0, 41.5.0, 41.5.1, 41.6.0, 42.0.0, 
42.0.1, 42.0.2, 43.0.0, 44.0.0, 44.1.0, 44.1.1, 45.0.0, 45.1.0, 45.2.0, 45.3.0, 46.0.0, 46.1.0, 46.1.1, 46.1.2, 46.1.3, 46.2.0, 46.3.0, 46.3.1, 46.4.0, 47.0.0, 47.1.0, 47.1.1, 47.2.0, 47.3.0, 47.3.1, 47.3.2, 48.0.0, 49.0.0, 49.0.1, 49.1.0, 49.1.1, 49.1.2, 49.1.3, 49.2.0, 49.2.1, 49.3.0, 49.3.1, 49.3.2, 49.4.0, 49.5.0, 49.6.0, 50.0.0, 50.0.1, 50.0.2, 50.0.3, 50.1.0, 50.2.0, 50.3.0, 50.3.1, 50.3.2, 51.0.0, 51.1.0, 51.1.1, 51.1.2, 51.2.0, 51.3.0, 51.3.1, 51.3.2, 51.3.3, 52.0.0, 53.0.0, 53.1.0, 54.0.0, 54.1.0, 54.1.1, 54.1.2, 54.1.3, 54.2.0, 56.0.0, 56.1.0, 56.2.0, 57.0.0, 57.1.0, 57.2.0, 57.3.0, 57.4.0, 57.5.0, 58.0.0, 58.0.1, 58.0.2, 58.0.3, 58.0.4, 58.1.0, 58.2.0, 58.3.0, 58.4.0, 58.5.0, 58.5.1, 58.5.2, 58.5.3, 59.0.1, 59.1.0, 59.1.1, 59.2.0, 59.3.0, 59.4.0, 59.5.0, 59.6.0, 59.7.0, 59.8.0, 60.0.0, 60.0.1, 60.0.2, 60.0.3, 60.0.4, 60.0.5, 60.1.0, 60.1.1, 60.2.0, 60.3.0, 60.3.1, 60.4.0, 60.5.0, 60.6.0, 60.7.0, 60.7.1, 60.8.0, 60.8.1, 60.8.2, 60.9.0, 60.9.1, 60.9.2, 60.9.3, 60.10.0, 61.0.0, 61.1.0, 61.1.1, 61.2.0, 61.3.0, 61.3.1, 62.0.0, 62.1.0, 62.2.0, 62.3.0, 62.3.1, 62.3.2, 62.3.3, 62.3.4, 62.4.0, 62.5.0, 62.6.0, 63.0.0, 63.1.0, 63.2.0, 63.3.0, 63.4.0, 63.4.1, 63.4.2, 63.4.3, 64.0.0, 64.0.1, 64.0.2, 64.0.3, 65.0.0, 65.0.1, 65.0.2, 65.1.0, 65.1.1, 65.2.0, 65.3.0, 65.4.0, 65.4.1, 65.5.0, 65.5.1, 65.6.0, 65.6.1, 65.6.2, 65.6.3, 65.7.0, 66.0.0, 66.1.0, 66.1.1, 67.0.0, 67.1.0, 67.2.0, 67.3.1, 67.3.2, 67.3.3, 67.4.0, 67.5.0, 67.5.1, 67.6.0, 67.6.1, 67.7.0, 67.7.1, 67.7.2, 67.8.0, 68.0.0, 68.1.0, 68.1.2, 68.2.0, 68.2.1, 68.2.2, 69.0.0, 69.0.1, 69.0.2, 69.0.3, 69.1.0, 69.1.1, 69.2.0, 69.3.0, 69.3.1, 69.4.0, 69.4.1, 69.4.2, 69.5.0, 69.5.1, 70.0.0, 70.1.0, 70.1.1, 70.2.0, 70.3.0, 71.0.0, 71.0.1, 71.0.2, 71.0.3, 71.0.4, 71.1.0, 72.0.0, 72.1.0, 72.2.0, 73.0.0, 73.0.1, 74.0.0, 74.1.0, 74.1.1, 74.1.2, 74.1.3, 75.0.0