First published: Fri Aug 16 2013(Updated: )
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
pypa pip | <1.3 | |
Fedoraproject Fedora | =17 | |
Fedoraproject Fedora | =18 | |
Fedoraproject Fedora | =19 | |
pip/pip | <1.3 | 1.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.