Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41159.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-41159
Upstream
  • CVE-2013-1633
Published
2013-08-06T02:52:10Z
Modified
2026-04-21T04:29:15.103110Z
Summary
CVE-2013-1633 affecting package python-pip 24.2-6
Details

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

References

Affected packages

Azure Linux:3 / python-pip

Package

Name
python-pip
Purl
pkg:rpm/azure-linux/python-pip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
24.2-6

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41159.json"