VYPR

rpm package

opensuse/python-setuptools&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-setuptools&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2024-6345HigJul 15, 2024
    affected < 72.1.0-1.1fixed 72.1.0-1.1

    A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are suscepti

  • CVE-2019-20916HigSep 4, 2020
    affected < 57.4.0-1.2fixed 57.4.0-1.2

    The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _