Lucene search
K

103 matches found

OSV
OSV
added 2025/06/13 6:13 a.m.10 views

BIT-SETUPTOOLS-2025-47273 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...

8.8CVSS7.8AI score0.01479EPSS
Exploits4References6
Amazon
Amazon
added 2025/06/12 12:0 a.m.3 views

Important: python-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

8.8CVSS8.2AI score0.01479EPSS
Exploits4
Amazon
Amazon
added 2025/06/12 12:0 a.m.5 views

Important: python-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

8.8CVSS8.2AI score0.01479EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.2 views

Amazon Linux 2023 : python3.11-setuptools, python3.11-setuptools-wheel (ALAS2023-2025-1003)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1003 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...

8.8CVSS7.8AI score0.01479EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.4 views

Amazon Linux 2 : python-setuptools (ALAS-2025-2876)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2876 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...

8.8CVSS7.8AI score0.01479EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.2 views

Amazon Linux 2023 : python3.12-setuptools, python3.12-setuptools-wheel (ALAS2023-2025-1004)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1004 advisory. setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version...

8.8CVSS7.8AI score0.01479EPSS
Exploits4References4
Amazon
Amazon
added 2025/06/10 12:0 a.m.5 views

Important: python3.12-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

8.8CVSS8.2AI score0.01479EPSS
Exploits4
Amazon
Amazon
added 2025/06/10 12:0 a.m.6 views

Important: python3.11-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

8.8CVSS8.2AI score0.01479EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/06/09 12:0 a.m.7 views

NewStart CGSL MAIN 7.02 : python-setuptools Vulnerability (NS-SA-2025-0086)

The remote NewStart CGSL host, running version MAIN 7.02, has python-setuptools packages installed that are affected by a vulnerability: - A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These...

8.8CVSS7.7AI score0.01939EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/05/29 12:0 a.m.10 views

Ubuntu: Security Advisory (USN-7544-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.6AI score0.01479EPSS
Exploits4References2
Ubuntu
Ubuntu
added 2025/05/28 7:34 p.m.7 views

USN-7544-1: Setuptools vulnerability

It was discovered that setuptools did not properly sanitize paths. An attacker could possibly use this issue to write files to arbitrary locations on the filesystem...

8.8CVSS7.2AI score0.01479EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2025/05/28 12:0 a.m.9 views

Debian dla-4183 : python-setuptools-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4183 advisory. [email protected] Subject: SECURITY DLA 4183-1 setuptools security update - ------------------------------------------------------------------------- Debian L...

8.8CVSS8.1AI score0.01479EPSS
Exploits4References4
OpenVAS
OpenVAS
added 2025/05/28 12:0 a.m.5 views

openSUSE Security Advisory (SUSE-SU-2025:01709-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.01479EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2025/05/19 4:36 p.m.9 views

CVE-2025-47273

A flaw was found in the setuptools Python package, specifically within its PackageIndex component. This flaw allows for path traversal, enabling an attacker to write files to arbitrary locations on the filesystem. Successful exploitation could lead to data integrity compromise or system compromis...

6.5CVSS6.2AI score0.01479EPSS
Exploits4References7
OpenVAS
OpenVAS
added 2025/05/19 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for python-setuptools (EulerOS-SA-2025-1488)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9AI score0.01939EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/05/17 4:15 p.m.4 views

aaiopay (>=0.2.1 <=0.2.2), abc-xml-converter (>=1.0.0 <=1.0.1) +4007 more potentially affected by CVE-2025-47273 via setuptools (>=15.2.0 <=78.1.0)

setuptools PYPI version =15.2.0, =0.2.1, =1.0.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.1.0, =0.2.6, =0.0.1, =1.6.0, =3.0.1 and more Source cves: CVE-2025-47273 Source advisory: OSV:PYSEC-2025-49...

8.8CVSS6.7AI score0.01479EPSS
Exploits4
NVD
NVD
added 2025/05/17 4:15 p.m.17 views

CVE-2025-47273

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...

8.8CVSS0.01479EPSS
Exploits4References5
CVE
CVE
added 2025/05/17 3:46 p.m.720 views

CVE-2025-47273

CVE-2025-47273 affects setuptools by a path traversal in PackageIndex prior to 78.1.1, allowing writing files to arbitrary locations with the process’s permissions and potentially enabling remote code execution in context. Affected: setuptools package (Python ecosystem). The issue is fixed in ver...

8.8CVSS7.5AI score0.01479EPSS
Exploits4References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/17 3:46 p.m.8 views

CVE-2025-47273 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...

8.7CVSS7.4AI score0.01479EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2025/05/17 12:0 a.m.6 views

PT-2025-21795

Name of the Vulnerable Software and Affected Versions setuptools versions prior to 78.1.1 Description A path traversal vulnerability in PackageIndex was found in setuptools. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process...

9CVSS8.3AI score0.01479EPSS
Exploits4References176
Rows per page
Query Builder