CVE-2013-1888

NONE
Published Aug 17, 2013 (12y ago)
Last Modified Jun 16, 2026 (2w ago)

Description

pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-59

Affected Products 4

Vendor          Product   Version   Range
pypa            pip       *         <1.3
fedoraproject   fedora    17        any
fedoraproject   fedora    18        any
fedoraproject   fedora    19        any

References 7

  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html
    Third Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html
    Third Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2013/03/22/10
    Mailing List, Third Party Advisory
  • github.com https://github.com/pypa/pip/issues/725
    Third Party Advisory
  • github.com https://github.com/pypa/pip/pull/734/files
    Patch, Third Party Advisory
  • github.com https://github.com/pypa/pip/pull/780/files
    Patch, Third Party Advisory

Remediation

  • github.com https://github.com/pypa/pip/pull/734/files
    Patch, Third Party Advisory
  • github.com https://github.com/pypa/pip/pull/780/files
    Patch, Third Party Advisory