CVE-2013-1888
NONE
Published Aug 17, 2013 12y ago
Last Modified Jun 16, 2026 2w ago
Description
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-59
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| pypa | pip | * | <1.3 |
| fedoraproject | fedora | 17 | any |
| fedoraproject | fedora | 18 | any |
| fedoraproject | fedora | 19 | any |
References 7
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html
- openwall.com http://www.openwall.com/lists/oss-security/2013/03/22/10
- github.com https://github.com/pypa/pip/issues/725
- github.com https://github.com/pypa/pip/pull/734/files
- github.com https://github.com/pypa/pip/pull/780/files
Remediation
- github.com https://github.com/pypa/pip/pull/734/files
- github.com https://github.com/pypa/pip/pull/780/files