VYPR

rpm package

suse/python-setuptools&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/python-setuptools&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (3)

  • CVE-2024-6345HigJul 15, 2024
    affected < 40.6.2-4.24.1fixed 40.6.2-4.24.1

    A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are suscepti

  • CVE-2022-40897MedDec 23, 2022
    affected < 40.6.2-4.21.1fixed 40.6.2-4.21.1

    Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

  • CVE-2019-20916HigSep 4, 2020
    affected < 40.6.2-4.18.1fixed 40.6.2-4.18.1

    The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _