VYPR
High severityNVD Advisory· Published Aug 6, 2013· Updated Jun 16, 2026

CVE-2013-1633

CVE-2013-1633

Description

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
setuptoolsPyPI
< 0.70.7

Affected products

12
  • cpe:2.3:a:python:setuptools:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:python:setuptools:*:*:*:*:*:*:*:*range: <=0.7b4
    • cpe:2.3:a:python:setuptools:0.6.40:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.41:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.42:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.43:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.44:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.45:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.46:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.47:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.48:*:*:*:*:*:*:*
    • cpe:2.3:a:python:setuptools:0.6.49:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.7

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.