CVE-2013-1888 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.1 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Vendor	Product	Version
pypa	pip	𝑥 < 1.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-pip

bullseye	20.3.4-4+deb11u1 fixed
bookworm	23.0.1+dfsg-1 fixed
sid	24.3.1+dfsg-1 fixed
trixie	24.3.1+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

python-pip

zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	not-affected
saucy	not-affected
raring	not-affected
quantal	ignored
precise	ignored
oneiric	ignored
lucid	ignored
hardy	dne

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html

http://www.openwall.com/lists/oss-security/2013/03/22/10

https://github.com/pypa/pip/issues/725

https://github.com/pypa/pip/pull/734/files

https://github.com/pypa/pip/pull/780/files

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html

http://www.openwall.com/lists/oss-security/2013/03/22/10

https://github.com/pypa/pip/issues/725

https://github.com/pypa/pip/pull/734/files

https://github.com/pypa/pip/pull/780/files