Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/setuptools@0.7
Type pypi
Namespace
Name setuptools
Version 0.7
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 78.1.1
Latest_non_vulnerable_version 78.1.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-s5g1-3fpd-akd6
vulnerability_id VCID-s5g1-3fpd-akd6
summary easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
references
0
reference_url https://pypi.python.org/pypi/setuptools/0.9.8#changes
reference_id
reference_type
scores
url https://pypi.python.org/pypi/setuptools/0.9.8#changes
1
reference_url http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/
reference_id
reference_type
scores
url http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/
fixed_packages
0
url pkg:pypi/setuptools@0.7
purl pkg:pypi/setuptools@0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@0.7
aliases CVE-2013-1633, GHSA-27x4-j476-jp5f, PYSEC-2013-22
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5g1-3fpd-akd6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@0.7