103 matches found
BIT-SETUPTOOLS-2025-47273 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...
Important: python-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
Important: python-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
Amazon Linux 2023 : python3.11-setuptools, python3.11-setuptools-wheel (ALAS2023-2025-1003)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1003 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...
Amazon Linux 2 : python-setuptools (ALAS-2025-2876)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2876 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...
Amazon Linux 2023 : python3.12-setuptools, python3.12-setuptools-wheel (ALAS2023-2025-1004)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1004 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...
Important: python3.12-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
Important: python3.11-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
NewStart CGSL MAIN 7.02 : python-setuptools Vulnerability (NS-SA-2025-0086)
The remote NewStart CGSL host, running version MAIN 7.02, has python-setuptools packages installed that are affected by a vulnerability: - A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These...
Ubuntu: Security Advisory (USN-7544-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7544-1: Setuptools vulnerability
It was discovered that setuptools did not properly sanitize paths. An attacker could possibly use this issue to write files to arbitrary locations on the filesystem...
Debian dla-4183 : python-setuptools-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4183 advisory. [email protected] Subject: SECURITY DLA 4183-1 setuptools security update - ------------------------------------------------------------------------- Debian L...
openSUSE Security Advisory (SUSE-SU-2025:01709-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-47273
A flaw was found in the setuptools Python package, specifically within its PackageIndex component. This flaw allows for path traversal, enabling an attacker to write files to arbitrary locations on the filesystem. Successful exploitation could lead to data integrity compromise or system compromis...
Huawei EulerOS: Security Advisory for python-setuptools (EulerOS-SA-2025-1488)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
aaiopay (>=0.2.1 <=0.2.2), abc-xml-converter (>=1.0.0 <=1.0.1) +4007 more potentially affected by CVE-2025-47273 via setuptools (>=15.2.0 <=78.1.0)
setuptools PYPI version =15.2.0, =0.2.1, =1.0.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.1.0, =0.2.6, =0.0.1, =1.6.0, =3.0.1 and more Source cves: CVE-2025-47273 Source advisory: OSV:PYSEC-2025-49...
CVE-2025-47273
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...
CVE-2025-47273
CVE-2025-47273 affects setuptools by a path traversal in PackageIndex prior to 78.1.1, allowing writing files to arbitrary locations with the process’s permissions and potentially enabling remote code execution in context. Affected: setuptools package (Python ecosystem). The issue is fixed in ver...
CVE-2025-47273 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...
PT-2025-21795
Name of the Vulnerable Software and Affected Versions setuptools versions prior to 78.1.1 Description A path traversal vulnerability in PackageIndex was found in setuptools. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process...