2 matches found
CVE-2013-1633
CVE-2013-1633 affects setuptools’ easy_install, where prior to version 0.7 it retrieved packages over HTTP without integrity checks, enabling MITM execution of arbitrary code. Affected component: python-setuptools/setuptools. Impact: remote code execution via crafted responses. Root cause: lack o...
CVE-2026-59890
Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...