Search CVE reports
31 – 31 of 31 results
Ignored
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip...
2 affected packages
python-pip, python-virtualenv
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | — | — | — | Not affected |
| python-virtualenv | — | — | — | Not affected |