Vulnerability in Pypa Pip
CVE-2013-1888
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
EPSS: 0.001 (24.7th percentile)
Affected products
- Pypa Pip
- Fedoraproject Fedora — versions 17, 18, 19
Weakness classification (CWE)
References
- [oss-security] 20130322 Re: CVE Request: python-pip insecure temporary directory handling (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- FEDORA-2013-8221 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
- FEDORA-2013-8193 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- FEDORA-2013-8166 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)