Severity by source
AV:L/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
AnalysisAI
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.
Technical ContextAI
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. Affected products include: Pypa Pip, Oracle Solaris. Version information: through 1.5.6.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if t
A flaw was found in python-pip in the way it handled Unicode separators in git references. Rated medium severity (CVSS 5
Path traversal during wheel installation in pip allows a malicious package's console_scripts or gui_scripts entry point
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Merc
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temp
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today