What is CVE-2013-1629?

CVE-2013-1629 is a vulnerability in Pypa Pip, classified under Improper Input Validation. Published 2013-08-06.

Is CVE-2013-1629 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Pypa Pip

CVE-2013-1629

pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install"…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.399 (97.4th percentile) — read the EPSS interpretation.

Affected products

Pypa Pip
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2013-1629?: CVE-2013-1629 is a vulnerability in Pypa Pip, classified under Improper Input Validation. Published 2013-08-06.
Is CVE-2013-1629 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.