{"id":"PYSEC-2013-9","details":"pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.","aliases":["CVE-2013-1888","GHSA-4gv5-qhvr-36vv"],"modified":"2023-11-08T03:57:16.010568Z","published":"2013-08-17T06:54:00Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/03/22/10"},{"type":"WEB","url":"https://github.com/pypa/pip/pull/734/files"},{"type":"REPORT","url":"https://github.com/pypa/pip/issues/725"},{"type":"WEB","url":"https://github.com/pypa/pip/pull/780/files"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105989.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106311.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4gv5-qhvr-36vv"}],"affected":[{"package":{"name":"pip","ecosystem":"PyPI","purl":"pkg:pypi/pip"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3"}]}],"versions":["0.2","0.2.1","0.3","0.3.1","0.4","0.5","0.5.1","0.6","0.6.1","0.6.2","0.6.3","0.7","0.7.1","0.7.2","0.8","0.8.1","0.8.2","0.8.3","1.0","1.0.1","1.0.2","1.1","1.2","1.2.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pip/PYSEC-2013-9.yaml"}}],"schema_version":"1.7.3"}