VYPR

apk package

chainguard/pypy-bootstrap

pkg:apk/chainguard/pypy-bootstrap

Vulnerabilities (4)

  • CVE-2024-6345HigJul 15, 2024
    affected < 7.3.18-r1fixed 7.3.18-r1

    A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are suscepti

  • CVE-2023-5752Oct 24, 2023
    affected < 7.3.18-r1fixed 7.3.18-r1

    When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can m

  • CVE-2022-40897Dec 22, 2022
    affected < 7.3.18-r1fixed 7.3.18-r1

    Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

  • CVE-2021-3572Nov 10, 2021
    affected < 7.3.18-r1fixed 7.3.18-r1

    A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip