Skip to main content

Pip CVE-2013-1888

LOW
Improper Link Resolution Before File Access (CWE-59)
2013-08-17 secalert@redhat.com
2.1
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:N/I:P/A:N
Attack Vector
Local
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 17, 2013 - 06:54 cve.org
LOW 2.1

DescriptionCVE.org

pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.

AnalysisAI

pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-59. pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. Affected products include: Pypa Pip, Fedoraproject Fedora. Version information: before 1.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2013-1888 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy