VYPR
Medium severity5.9NVD Advisory· Published Nov 5, 2019· Updated Jun 16, 2026

CVE-2013-5123

CVE-2013-5123

Description

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pipPyPI
< 1.51.5

Affected products

16

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.