13 matches found
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
setuptools: Path Traversal Vulnerability in setuptools PackageIndex
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of...
Incorrect Behavior Order
lockfile-lint-api is vulnerable to Incorrect Behavior Order. The vulnerability is due to early validation of the resolved attribute in package URLs, which can be bypassed by extending the package name, allowing attackers to install unintended npm packages...
Huawei EulerOS: Security Advisory for python-setuptools (EulerOS-SA-2024-2894)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BIT-SETUPTOOLS-2024-6345 Remote Code Execution in pypa/setuptools
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
Code Injection
setuptools is vulnerable to Code Injection. The vulnerability is due to the packageindex module's download function, which can execute arbitrary OS commands when exposed to user-controlled inputs such as package URLs...
CVE-2024-6345
A flaw was found in the packageindex module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to co...
GHSA-CX63-2MW6-8HW5 setuptools vulnerable to Command Injection via package URL
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345 Remote Code Execution in pypa/setuptools
A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...
CVE-2024-6345
CVE-2024-6345 affects the setuptools package_index module in setuptools versions up to 69.1.1, enabling remote code execution through user-controlled package download inputs. The vulnerability stems from download functions that can be fed URLs from users or index servers, allowing arbitrary comma...
Fedora 27 : composer (2018-9d1ff4b802)
Version 1.6.4 - 2018-04-13 - Security fixes in some edge case scenarios, recommended update for all users - Fixed regression in version guessing of path repositories - Fixed removing aliased packages from the repository, which might resolve some odd update bugs - Fixed updating of package URLs fo...