CVE-2013-1888
pip < 1.3 - Arbitrary File Overwrite via Symlink Attack on Temporary Directory
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
References (7)
Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/03/22/10
Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html
Patch, Third Party Advisory (x_refsource_confirm): https://github.com/pypa/pip/pull/734/files
Patch, Third Party Advisory (x_refsource_confirm): https://github.com/pypa/pip/pull/780/files
Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html
Third Party Advisory (x_refsource_confirm): https://github.com/pypa/pip/issues/725
Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html
Scores
EPSS: 0.0036
EPSS Percentile: 28.1%
Details
CWE: CWE-59
Status: published
Products (5)
fedoraproject/fedora: 17
fedoraproject/fedora: 18
fedoraproject/fedora: 19
pypa/pip: < 1.3
pypi/pip: 0 - 1.3 (PyPI)
Published: Aug 17, 2013
Tracked Since: Feb 18, 2026