VDB

GCVE-110-MAGEIA-2013-274

GCVE-110-MAGEIA-2013-274
Advisory Published
Vulnetix · Advisory published September 13, 2013
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product (CVE-2013-1633).

Affected Products

VendorProductVersionsPlatforms
Mageiapython-setuptools0 (affected), 0.9.8-2.1.mga3 (unaffected)
Mageiapython-setuptools0 (affected), 0.9.8-1.1.mga2 (unaffected)
Mageiapython-virtualenv0 (affected), 1.10.1-1.1.mga3 (unaffected)
Mageiapython-virtualenv1.10.1-0.1.mga2 (unaffected), 0 (affected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›