Guillaume Gauvrit

1 exploit Active since Aug 2013
CVE-2013-1630 WRITEUP
pyshop < 0.7.1 - Remote Code Execution via Unverified HTTP Package Download
pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.