Pip
CVE-2013-1888
LOW
Severity by source
AV:L/AC:L/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
AnalysisAI
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-59. pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. Affected products include: Pypa Pip, Fedoraproject Fedora. Version information: before 1.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if t
A flaw was found in python-pip in the way it handled Unicode separators in git references. Rated medium severity (CVSS 5
Path traversal during wheel installation in pip allows a malicious package's console_scripts or gui_scripts entry point
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Merc
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today