Improper input validation in Python Setuptools

CVE-2013-1633

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted resp…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.008 (73.8th percentile) — read the EPSS interpretation.