Amazon Linux 2023 : python3.11-setuptools, python3.11-setuptools-wheel (ALAS2023-2024-653)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-653 advisory. A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to...
SUSE CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
Code Injection
setuptools is vulnerable to Code Injection. The vulnerability is due to the package_index module's download function, which can execute arbitrary OS commands when exposed to user-controlled inputs such as package URLs...
CVE-2024-6345
A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...
setuptools vulnerable to Command Injection via package URL
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
aaiopay (>=0.2.1 <=0.2.2), abc-xml-converter (>=1.0.0 <=1.0.1) +2845 more potentially affected by CVE-2024-6345 via setuptools (>=15.2.0 <=69.5.1)
setuptools PYPI version =15.2.0, =0.2.1, =1.0.0, =0.0.1, =0.1.18, =0.0.1, =0.1.0, =0.2.6, =1.6.0, =0.0.3, =0.1.1, =0.1.2 and more Source cves: CVE-2024-6345 Source advisory: OSV:GHSA-CX63-2MW6-8HW5...
GHSA-CX63-2MW6-8HW5 setuptools vulnerable to Command Injection via package URL
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
GHSA-CX63-2MW6-8HW5 vulnerabilities
Vulnerabilities for packages: az, nvidia-nsight-compute-13.1, nemo, py3.10-pytorch-cuda-12.3, airflow, py3.12-pytorch-cuda-11.8, py3.12-torchvision-cuda-12.3, k8s-sidecar, py3.12-pytorch-cuda-12.3, py3.9-setuptools, py3-cassandra-medusa, py3-pipenv, py3.10-torchvision-cuda-12.3,...
ALPINE-CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345 vulnerabilities
Vulnerabilities for packages: az, nvidia-nsight-compute-13.1, nemo, py3.10-pytorch-cuda-12.3, airflow, py3.12-pytorch-cuda-11.8, py3.12-torchvision-cuda-12.3, k8s-sidecar, py3.12-pytorch-cuda-12.3, py3.9-setuptools, py3-cassandra-medusa, py3-pipenv, py3.10-torchvision-cuda-12.3,...
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
AZL-60199 CVE-2024-6345 affecting package python3 for versions less than 3.9.19-12
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
AZL-43326 CVE-2024-6345 affecting package python-pip for versions less than 24.2-1
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
DEBIAN-CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
AZL-43329 CVE-2024-6345 affecting package python-setuptools for versions less than 69.0.3-4
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
UBUNTU-CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345 Remote Code Execution in pypa/setuptools
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...