VYPR
Moderate severityNVD Advisory· Published Aug 17, 2013· Updated Jun 16, 2026

CVE-2013-1888

CVE-2013-1888

Description

pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pipPyPI
< 1.31.3

Affected products

5
  • cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*
    Range: <1.3
  • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.3

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.