964 matches found
Improper Handling of Unicode Encoding
Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
PT-2026-56503
Name of the Vulnerable Software and Affected Versions setuptools versions prior to 83.0.0 Description setuptools is a package used to download, build, install, upgrade, and uninstall Python packages. The FileList component fails to perform Unicode normalization when matching compiled glob pattern...
ROOT-APP-PYPI-CVE-2024-6345 CVE-2024-6345 in rootio-setuptools - Patched by Root
Root has patched CVE-2024-6345 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-47273 CVE-2025-47273 in rootio-setuptools - Patched by Root
Root has patched CVE-2025-47273 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2022-40897 CVE-2022-40897 in rootio-setuptools - Patched by Root
Root has patched CVE-2022-40897 in the rootio-setuptools package for Root:PyPI. Multiple fixed versions available...
Security Bulletin: Maximo AI Service uses azure-core 1.37.0 and setuptools 75.8.0 which are vulnerable to CVE-2026-21226 and CVE-2025-47273.
Summary Maximo AI Service uses azure-core 1.37.0 and setuptools 75.8.0 which are vulnerable to CVE-2026-21226 and CVE-2025-47273. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-21226 DESCRIPTION: Deserialization of untrusted da...
Astra Linux – Vulnerability in python-setuptools
Python Packaging Authority PyPA’s setuptools before version 65.5.1 allows remote attackers to cause a denial of service through HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS vulnerability present in packageindex.py...
Astra Linux – Vulnerability in python-setuptools
A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...
FreeBSD : py-setuptools -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (690144e9-4f88-11f1-982e-00a098b42aeb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 690144e9-4f88-11f1-982e-00a098b42aeb advisory. https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports: setuptools is a...
Security Bulletin: Vulnerability in setuptools affects IBM Netezza Appliance
Summary The setuptools package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-47273 Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools [CVE-2025-47273]
Summary M Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools, due to an issue that allows users to download, build, install, upgrade, and uninstall Python packages CVE-2025-47273. Setuptools is used in our speech service runtimes. This vulnerabilitiy has been...
NewStart CGSL MAIN 6.06 : python3.11-setuptools Vulnerability (NS-SA-2025-0242)
The remote NewStart CGSL host, running version MAIN 6.06, has python3.11-setuptools packages installed that are affected by a vulnerability: - A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These...
Security Bulletin: IBM Security Verify Directory (Container) is affected by a vulnerability in the setuptools package (CVE-2025-47273)
Summary A vulnerability in the setuptools package used by IBM Security Verify Directory Container has been addressed Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...
Exploit for Path Traversal in Python Setuptools
HackTheBox - VariaType Machine Writeup !HTBhttps://img.shie...
Security Bulletin: Due to the use of Python setuptools IBM Foundationdb Operator is vulunerable for denial of service attack
Summary IBM Database Operator for FoundationDB contains Python setuptools internally CVE-2022-40897 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package o...
Exploit for Path Traversal in Python Setuptools
CVE-2025-47273: Path Traversal in setuptools.packageindex...