mardiros/pyshop

Releases: 32
Frequency: 1 month 3 weeks
Last Release
Stars: 102
A private PyPI server written in Pyramid

CVE History

CVE | Published | CVSS v3 | CVSS v2
6.8 MEDIUM

pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.