Medium severity5.9NVD Advisory· Published Nov 5, 2019· Updated Jun 16, 2026
CVE-2013-5123
CVE-2013-5123
Description
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pipPyPI | < 1.5 | 1.5 |
Affected products
16- Python/Pipdescription
- ghsa-coords15 versionspkg:pypi/pippkg:rpm/opensuse/python2-pip&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-pip&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python39-pip&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python39-setuptools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python-jmespath&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-jsonschema&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-paramiko&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-pip&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-pip&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-ply&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/python-ply&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-ply&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-ply&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-ply&distro=SUSE%20OpenStack%20Cloud%207
< 1.5+ 14 more
- (no CPE)range: < 1.5
- (no CPE)range: < 20.0.2-2.6
- (no CPE)range: < 9.0.1-1.1
- (no CPE)range: < 20.2.4-7.5.1
- (no CPE)range: < 44.1.1-7.3.1
- (no CPE)range: < 0.9.2-10.6.1
- (no CPE)range: < 2.2.0-3.3.1
- (no CPE)range: < 1.18.5-2.15.1
- (no CPE)range: < 10.0.1-11.6.1
- (no CPE)range: < 10.0.1-11.6.1
- (no CPE)range: < 3.4-3.3.1
- (no CPE)range: < 3.4-3.3.1
- (no CPE)range: < 3.4-3.3.1
- (no CPE)range: < 3.4-3.3.1
- (no CPE)range: < 3.4-3.3.1
Patches
Vulnerability mechanics
References
11- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.htmlnvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2013/08/21/17nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2013/08/21/18nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/77520nvdBroken LinkThird Party AdvisoryVDB Entry
- bugzilla.suse.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-c5h8-cq4v-cvfmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-5123ghsaADVISORY
- security-tracker.debian.org/tracker/CVE-2013-5123nvdThird Party AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2019-160.yamlghsaWEB
News mentions
0No linked articles in our index yet.