apk package
chainguard/pypy-bootstrap
pkg:apk/chainguard/pypy-bootstrap
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-6345 | Hig | 8.8 | < 7.3.18-r1 | 7.3.18-r1 | Jul 15, 2024 | A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are suscepti | |
| CVE-2023-5752 | — | < 7.3.18-r1 | 7.3.18-r1 | Oct 24, 2023 | When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can m | ||
| CVE-2022-40897 | — | < 7.3.18-r1 | 7.3.18-r1 | Dec 22, 2022 | Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. | ||
| CVE-2021-3572 | — | < 7.3.18-r1 | 7.3.18-r1 | Nov 10, 2021 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip |
- affected < 7.3.18-r1fixed 7.3.18-r1
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are suscepti
- CVE-2023-5752Oct 24, 2023affected < 7.3.18-r1fixed 7.3.18-r1
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can m
- CVE-2022-40897Dec 22, 2022affected < 7.3.18-r1fixed 7.3.18-r1
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
- CVE-2021-3572Nov 10, 2021affected < 7.3.18-r1fixed 7.3.18-r1
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip