3 matches found
CVE-2025-47273
CVE-2025-47273 affects setuptools by a path traversal in PackageIndex prior to 78.1.1, allowing writing files to arbitrary locations with the process’s permissions and potentially enabling remote code execution in context. Affected: setuptools package (Python ecosystem). The issue is fixed in ver...
CVE-2022-40897
CVE-2022-40897 affects Python setuptools (PyPA) prior to 65.5.1, enabling a Regular Expression Denial of Service (ReDoS) via HTML in crafted PackageIndex content (package_index.py). Affected component is setuptools; impact is DoS with potential availability disruption. Remediation shown across mu...
CVE-2026-59890
Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...