103 matches found
CBL Mariner 2.0 Security Update: python-setuptools / python3 (CVE-2024-6345)
The version of python-setuptools / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6345 advisory. - A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allo...
Advisory ROSA-SA-2025-2771
Software: python-setuptools 39.2.0 OS: ROSA Virtualization 3.0 packageevrstring: python-setuptools-39.2.0-8.0.1.rv30 CVE-ID: CVE-2024-6345 BDU-ID: 2024-05843 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the packageindex module of the setuptools project packaging simplification library is...
Security update for SUSE Manager Client Tools and Salt Bundle
This update for SUSE Manager Client Tools and Salt Bundle the following issues: uyuni-tools: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent...
Astra Linux – Vulnerability in setuptools
A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...
Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...
EulerOS 2.0 SP12 : python-setuptools (EulerOS-SA-2024-2803)
According to the versions of the python-setuptools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download...
Important: python3.11-setuptools
Issue Overview: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptibl...
pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...
pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...
USN-7002-1: Setuptools vulnerability
It was discovered that setuptools was vulnerable to remote code execution. An attacker could possibly use this issue to execute arbitrary code...
pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...
pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...
aaiopay (>=0.2.1 <=0.2.2), abc-xml-converter (>=1.0.0 <=1.0.1) +2842 more potentially affected by CVE-2024-6345 via setuptools (>=15.2.0 <=69.5.1)
setuptools PYPI version =15.2.0, =0.2.1, =1.0.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =0.1.1, =0.1.2 and more Source cves: CVE-2024-6345 Source advisory: OSV:GHSA-CX63-2MW6-8HW5...
AZL-43329 CVE-2024-6345 affecting package python-setuptools for versions less than 69.0.3-4
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
setuptools Code Injection Vulnerability
setuptools is a Python library open-sourced by PyPI. A code injection vulnerability exists in setuptools version 69.1.1 and earlier, which stems from allowing remote code execution via the download function and is vulnerable to code injection attacks...
Medium: python38-setuptools
Issue Overview: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py. CVE-2022-40897 Affected Packages:...
Medium: python-setuptools
Issue Overview: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py. CVE-2022-40897 Affected Packages:...
GHSA-R9HX-VWMV-Q579 pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
Python Packaging Authority PyPA's setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerabl...
abn-amro-assessment-2024 (>=0.0.1 <=0.0.5), abn-amro-test (=0.0.1) +1520 more potentially affected by CVE-2022-40897 via setuptools (>=15.2.0 <=65.5.0)
setuptools PYPI version =15.2.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =1.1.6, =1.0.1, =0.0.1, =0.0.50, =0.0.6, =0.1.0, =0.1.9 and more Source cves: CVE-2022-40897 Source advisory: OSV:GHSA-R9HX-VWMV-Q579...
abn-amro-assessment-2024 (>=0.0.1 <=0.0.5), abn-amro-test (=0.0.1) +1520 more potentially affected by CVE-2022-40897 via setuptools (>=15.2.0 <=65.5.0)
setuptools PYPI version =15.2.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =1.1.6, =1.0.1, =0.0.1, =0.0.50, =0.0.6, =0.1.0, =0.1.9 and more Source cves: CVE-2022-40897 Source advisory: OSV:PYSEC-2022-43012...