Python/setuptools/0.6c5
Easily download, build, install, upgrade, and uninstall Python packages
https://pypi.org/project/setuptools
PSF-2.0 OR ZPL-2.1
2 Security Vulnerabilities
Setuptools vulnerable to Man-in-the-middle attacks
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
- https://nvd.nist.gov/vuln/detail/CVE-2022-40897
- https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://github.com/pypa/setuptools/issues/3659
- https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
- https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1
- https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
- https://setuptools.pypa.io/en/latest/
- https://github.com/advisories/GHSA-r9hx-vwmv-q579
- https://security.netapp.com/advisory/ntap-20230214-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/
- https://security.netapp.com/advisory/ntap-20240621-0006
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
561 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
33.1.0 | MIT | 1 | 2017-01-15 - 15:47 | over 7 years |
32.3.1 | MIT | 1 | 2016-12-29 - 02:06 | over 7 years |
32.3.0 | MIT | 1 | 2016-12-24 - 19:30 | over 7 years |
32.2.0 | MIT | 1 | 2016-12-22 - 14:40 | over 7 years |
32.1.3 | MIT | 1 | 2016-12-21 - 19:50 | over 7 years |
32.1.2 | MIT | 1 | 2016-12-18 - 22:08 | over 7 years |
32.1.1 | MIT | 1 | 2016-12-18 - 16:58 | over 7 years |
32.1.0 | MIT | 1 | 2016-12-16 - 15:36 | over 7 years |
32.0.0 | MIT | 1 | 2016-12-15 - 01:53 | over 7 years |
31.0.1 | MIT | 1 | 2016-12-14 - 13:41 | over 7 years |
31.0.0 | MIT | 1 | 2016-12-11 - 23:33 | over 7 years |
30.4.0 | MIT | 1 | 2016-12-10 - 16:39 | over 7 years |
30.3.0 | MIT | 1 | 2016-12-08 - 15:25 | over 7 years |
30.2.1 | MIT | 1 | 2016-12-08 - 15:02 | over 7 years |
30.2.0 | MIT | 1 | 2016-12-04 - 15:55 | over 7 years |
30.1.0 | MIT | 1 | 2016-12-03 - 15:20 | over 7 years |
30.0.0 | MIT | 1 | 2016-12-01 - 16:41 | over 7 years |
29.0.1 | MIT | 1 | 2016-11-27 - 03:36 | over 7 years |
29.0.0 | MIT | 1 | 2016-11-26 - 04:47 | over 7 years |
28.8.1 | MIT | 1 | 2016-11-27 - 03:26 | over 7 years |
28.8.0 | MIT | 1 | 2016-11-04 - 19:38 | over 7 years |
28.7.1 | MIT | 1 | 2016-10-30 - 02:40 | over 7 years |
28.7.0 | MIT | 1 | 2016-10-28 - 17:55 | over 7 years |
28.6.1 | MIT | 1 | 2016-10-19 - 15:40 | over 7 years |
28.6.0 | MIT | 1 | 2016-10-16 - 16:41 | over 7 years |
28.5.0 | MIT | 1 | 2016-10-15 - 03:16 | over 7 years |
28.4.0 | MIT | 1 | 2016-10-14 - 20:47 | over 7 years |
28.3.0 | MIT | 1 | 2016-10-07 - 15:31 | over 7 years |
28.2.0 | MIT | 1 | 2016-10-02 - 14:25 | over 7 years |
28.1.0 | MIT | 1 | 2016-10-01 - 22:00 | over 7 years |
28.0.0 | MIT | 1 | 2016-09-27 - 19:54 | over 7 years |
27.3.1 | MIT | 1 | 2016-09-27 - 18:49 | over 7 years |
27.3.0 | MIT | 1 | 2016-09-21 - 01:23 | almost 8 years |
27.2.0 | MIT | 1 | 2016-09-14 - 18:06 | almost 8 years |
27.1.2 | MIT | 1 | 2016-09-09 - 15:59 | almost 8 years |
27.1.0 | MIT | 1 | 2016-09-09 - 14:56 | almost 8 years |
27.0.0 | MIT | 1 | 2016-09-09 - 14:15 | almost 8 years |
26.1.1 | MIT | 1 | 2016-08-29 - 20:49 | almost 8 years |
26.1.0 | MIT | 1 | 2016-08-29 - 14:06 | almost 8 years |
26.0.0 | MIT | 1 | 2016-08-20 - 22:28 | almost 8 years |
25.4.0 | MIT | 1 | 2016-08-19 - 20:13 | almost 8 years |
25.3.0 | MIT | 1 | 2016-08-19 - 20:02 | almost 8 years |
25.2.0 | MIT | 1 | 2016-08-12 - 19:09 | almost 8 years |
25.1.6 | MIT | 1 | 2016-08-05 - 16:16 | almost 8 years |
25.1.5 | MIT | 1 | 2016-08-05 - 15:24 | almost 8 years |
25.1.4 | MIT | 1 | 2016-08-04 - 11:15 | almost 8 years |
25.1.3 | MIT | 1 | 2016-08-02 - 13:41 | almost 8 years |
25.1.2 | MIT | 1 | 2016-08-01 - 20:34 | almost 8 years |
25.1.1 | MIT | 1 | 2016-07-28 - 19:01 | almost 8 years |
25.1.0 | MIT | 1 | 2016-07-25 - 17:16 | almost 8 years |
25.0.2 | MIT | 1 | 2016-07-25 - 15:38 | almost 8 years |
25.0.1 | MIT | 1 | 2016-07-25 - 13:08 | almost 8 years |
25.0.0 | MIT | 1 | 2016-07-23 - 08:36 | almost 8 years |
24.3.1 | MIT | 1 | 2016-07-23 - 08:37 | almost 8 years |
24.3.0 | MIT | 1 | 2016-07-21 - 17:09 | almost 8 years |
24.2.1 | MIT | 1 | 2016-07-21 - 12:48 | almost 8 years |
24.2.0 | MIT | 1 | 2016-07-20 - 23:38 | almost 8 years |
24.1.1 | MIT | 1 | 2016-07-20 - 23:29 | almost 8 years |
24.1.0 | MIT | 1 | 2016-07-20 - 16:04 | almost 8 years |
24.0.3 | MIT | 1 | 2016-07-14 - 05:17 | almost 8 years |
24.0.2 | MIT | 1 | 2016-07-04 - 15:26 | almost 8 years |
24.0.1 | MIT | 1 | 2016-07-03 - 16:22 | almost 8 years |
24.0.0 | MIT | 1 | 2016-07-02 - 17:34 | almost 8 years |
23.2.1 | MIT | 1 | 2016-07-02 - 16:28 | almost 8 years |
23.2.0 | MIT | 1 | 2016-07-02 - 14:18 | almost 8 years |
23.1.0 | MIT | 1 | 2016-06-24 - 14:22 | about 8 years |
23.0.0 | MIT | 1 | 2016-06-09 - 19:20 | about 8 years |
22.0.5 | MIT | 1 | 2016-06-03 - 15:50 | about 8 years |
22.0.4 | MIT | 1 | 2016-06-03 - 15:25 | about 8 years |
22.0.2 | MIT | 1 | 2016-06-03 - 14:05 | about 8 years |
22.0.1 | MIT | 1 | 2016-06-03 - 13:57 | about 8 years |
22.0.0 | MIT | 1 | 2016-06-01 - 13:10 | about 8 years |
21.2.2 | MIT | 1 | 2016-05-29 - 16:26 | about 8 years |
21.2.1 | MIT | 1 | 2016-05-22 - 20:14 | about 8 years |
21.2.0 | MIT | 1 | 2016-05-21 - 15:44 | about 8 years |
21.1.0 | MIT | 1 | 2016-05-19 - 00:23 | about 8 years |
21.0.0 | MIT | 1 | 2016-05-02 - 13:42 | about 8 years |
20.10.1 | MIT | 1 | 2016-04-25 - 14:29 | about 8 years |
20.9.0 | MIT | 1 | 2016-04-16 - 08:59 | about 8 years |
20.8.1 | MIT | 1 | 2016-04-15 - 07:07 | about 8 years |
20.8.0 | MIT | 1 | 2016-04-15 - 06:41 | about 8 years |
20.7.0 | MIT | 1 | 2016-04-10 - 19:24 | about 8 years |
20.6.8 | MIT | 1 | 2016-05-09 - 21:11 | about 8 years |
20.6.7 | MIT | 1 | 2016-03-31 - 14:49 | about 8 years |
20.6.6 | MIT | 1 | 2016-03-31 - 02:12 | about 8 years |
20.4 | MIT | 1 | 2016-03-29 - 16:29 | about 8 years |
20.3.1 | MIT | 1 | 2016-03-18 - 15:14 | over 8 years |
20.3 | MIT | 1 | 2016-03-15 - 21:11 | over 8 years |
20.2.2 | MIT | 1 | 2016-02-27 - 14:49 | over 8 years |
20.1.1 | MIT | 1 | 2016-02-12 - 16:12 | over 8 years |
20.1 | MIT | 1 | 2016-02-12 - 04:49 | over 8 years |
20.0 | MIT | 1 | 2016-02-07 - 14:41 | over 8 years |
19.7 | MIT | 1 | 2016-02-03 - 13:21 | over 8 years |
19.6.2 | MIT | 1 | 2016-01-31 - 09:51 | over 8 years |
19.6.1 | MIT | 1 | 2016-01-28 - 18:17 | over 8 years |
19.6 | MIT | 1 | 2016-01-25 - 00:52 | over 8 years |
19.5 | MIT | 1 | 2016-01-24 - 02:27 | over 8 years |
19.4.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2016-01-23 - 23:31 | over 8 years |
19.4 | PSF-2.0 OR ZPL-2.1 | 1 | 2016-01-16 - 22:39 | over 8 years |
19.3 | PSF-2.0 OR ZPL-2.1 | 1 | 2016-01-16 - 01:07 | over 8 years |