Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Python setuptools easy_install命令任意代码执行漏洞
Vulnerability Description
setuptools是Python软件基金会的Python Enterprise Application Kit(PEAK)的一个副项目,它替换了标准的distutils库,并为Python添加了版本化的包和依赖性管理。PEAK是用来在Python中进行快速组件开发和代码重用的框架。 Python setuptools 0.7之前的版本中的easy_install命令中存在安全漏洞,该漏洞源于程序使用HTTP协议对PyPl存储库中的程序包进行检索时,没有对其内容进行完整性检查。中间人攻击者可通过对产品默认
CVSS Information
N/A
Vulnerability Type
N/A