Python/setuptools/0.6c7
Easily download, build, install, upgrade, and uninstall Python packages
https://pypi.org/project/setuptools
PSF-2.0
OR
ZPL-2.1
3 Security Vulnerabilities
Setuptools vulnerable to Man-in-the-middle attacks
- https://nvd.nist.gov/vuln/detail/CVE-2013-1633
- https://pypi.python.org/pypi/setuptools/0.9.8#changes
- http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/
- https://github.com/advisories/GHSA-27x4-j476-jp5f
- https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2013-22.yaml
- http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
setuptools vulnerable to Command Injection via package URL
A vulnerability in the package_index
module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
- https://nvd.nist.gov/vuln/detail/CVE-2022-40897
- https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://github.com/pypa/setuptools/issues/3659
- https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
- https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1
- https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
- https://setuptools.pypa.io/en/latest/
- https://github.com/advisories/GHSA-r9hx-vwmv-q579
- https://security.netapp.com/advisory/ntap-20230214-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
- https://pyup.io/vulnerabilities/CVE-2022-40897/52495
- https://security.netapp.com/advisory/ntap-20230214-0001
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://setuptools.pypa.io/en/latest
- https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index
. This has been patched in version 65.5.1.
583 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
49.2.0 | MIT | 2 | 2020-07-12 - 16:20 | over 4 years |
49.1.3 | MIT | 2 | 2020-07-12 - 09:25 | over 4 years |
49.1.2 | MIT | 2 | 2020-07-11 - 06:31 | over 4 years |
49.1.1 | MIT | 2 | 2020-07-10 - 18:19 | over 4 years |
49.1.0 | MIT | 2 | 2020-07-03 - 22:29 | over 4 years |
49.0.1 | MIT | 2 | 2020-07-05 - 20:52 | over 4 years |
49.0.0 | MIT | 2 | 2020-07-03 - 19:47 | over 4 years |
48.0.0 | MIT | 2 | 2020-07-03 - 15:19 | over 4 years |
47.3.2 | MIT | 2 | 2020-07-03 - 09:17 | over 4 years |
47.3.1 | MIT | 2 | 2020-06-16 - 21:39 | over 4 years |
47.3.0 | MIT | 2 | 2020-06-15 - 20:55 | over 4 years |
47.2.0 | MIT | 2 | 2020-06-15 - 13:07 | over 4 years |
47.1.1 | MIT | 2 | 2020-05-29 - 01:21 | over 4 years |
47.1.0 | MIT | 2 | 2020-05-28 - 12:03 | over 4 years |
47.0.0 | MIT | 2 | 2020-05-28 - 11:36 | over 4 years |
46.4.0 | MIT | 2 | 2020-05-17 - 02:30 | over 4 years |
46.3.1 | MIT | 2 | 2020-05-15 - 10:18 | over 4 years |
46.3.0 | MIT | 2 | 2020-05-13 - 16:02 | over 4 years |
46.2.0 | MIT | 2 | 2020-05-10 - 21:47 | over 4 years |
46.1.3 | MIT | 2 | 2020-03-25 - 18:31 | over 4 years |
46.1.2 | MIT | 2 | 2020-03-25 - 15:10 | over 4 years |
46.1.1 | MIT | 2 | 2020-03-21 - 19:06 | over 4 years |
46.1.0 | MIT | 2 | 2020-03-21 - 19:00 | over 4 years |
46.0.0 | MIT | 2 | 2020-03-08 - 19:57 | over 4 years |
45.3.0 | MIT | 2 | 2020-03-07 - 20:00 | over 4 years |
45.2.0 | MIT | 2 | 2020-02-09 - 04:24 | over 4 years |
45.1.0 | MIT | 2 | 2020-01-19 - 16:02 | almost 5 years |
45.0.0 | MIT | 2 | 2020-01-12 - 04:44 | almost 5 years |
44.1.1 | MIT | 2 | 2020-05-29 - 01:06 | over 4 years |
44.1.0 | MIT | 2 | 2020-03-21 - 18:47 | over 4 years |
44.0.0 | MIT | 2 | 2020-01-01 - 23:41 | almost 5 years |
43.0.0 | MIT | 2 | 2019-12-31 - 18:24 | almost 5 years |
42.0.2 | MIT | 2 | 2019-12-01 - 15:13 | almost 5 years |
42.0.1 | MIT | 2 | 2019-11-25 - 11:19 | almost 5 years |
42.0.0 | MIT | 2 | 2019-11-23 - 19:53 | almost 5 years |
41.6.0 | MIT | 2 | 2019-10-29 - 14:01 | about 5 years |
41.5.1 | MIT | 2 | 2019-10-28 - 18:20 | about 5 years |
41.5.0 | MIT | 2 | 2019-10-27 - 22:50 | about 5 years |
41.4.0 | MIT | 2 | 2019-10-07 - 01:39 | about 5 years |
41.3.0 | MIT | 2 | 2019-10-07 - 01:34 | about 5 years |
41.2.0 | MIT | 2 | 2019-08-21 - 08:58 | about 5 years |
41.1.0 | MIT | 2 | 2019-08-13 - 17:51 | about 5 years |
41.0.1 | MIT | 2 | 2019-04-22 - 20:18 | over 5 years |
41.0.0 | MIT | 2 | 2019-04-05 - 17:33 | over 5 years |
40.9.0 | MIT | 2 | 2019-04-03 - 18:54 | over 5 years |
40.8.0 | MIT | 2 | 2019-02-05 - 18:20 | over 5 years |
40.7.3 | MIT | 2 | 2019-02-03 - 15:41 | almost 6 years |
40.7.2 | MIT | 2 | 2019-02-01 - 02:05 | almost 6 years |
40.7.1 | MIT | 2 | 2019-01-29 - 00:18 | almost 6 years |
40.7.0 | MIT | 2 | 2019-01-27 - 14:22 | almost 6 years |
40.6.3 | MIT | 2 | 2018-12-11 - 19:51 | almost 6 years |
40.6.2 | MIT | 2 | 2018-11-13 - 09:45 | almost 6 years |
40.6.1 | MIT | 2 | 2018-11-13 - 04:18 | almost 6 years |
40.6.0 | MIT | 2 | 2018-11-12 - 21:32 | almost 6 years |
40.5.0 | MIT | 2 | 2018-10-26 - 15:49 | about 6 years |
40.4.3 | MIT | 2 | 2018-09-23 - 14:30 | about 6 years |
40.4.2 | MIT | 2 | 2018-09-21 - 17:22 | about 6 years |
40.4.1 | MIT | 2 | 2018-09-18 - 15:24 | about 6 years |
40.4.0 | MIT | 2 | 2018-09-18 - 13:17 | about 6 years |
40.3.0 | MIT | 2 | 2018-09-16 - 16:28 | about 6 years |
40.2.0 | MIT | 2 | 2018-08-21 - 13:05 | about 6 years |
40.1.1 | MIT | 2 | 2018-08-21 - 12:48 | about 6 years |
40.1.0 | MIT | 2 | 2018-08-17 - 18:58 | about 6 years |
40.0.0 | MIT | 2 | 2018-07-09 - 04:23 | over 6 years |
39.2.0 | MIT | 2 | 2018-05-19 - 19:19 | over 6 years |
39.1.0 | MIT | 2 | 2018-04-28 - 11:26 | over 6 years |
39.0.1 | MIT | 2 | 2018-03-18 - 14:42 | over 6 years |
39.0.0 | MIT | 2 | 2018-03-17 - 18:56 | over 6 years |
38.7.0 | MIT | 2 | 2018-03-17 - 14:40 | over 6 years |
38.6.1 | MIT | 2 | 2018-03-17 - 14:33 | over 6 years |
38.6.0 | MIT | 2 | 2018-03-15 - 22:49 | over 6 years |
38.5.2 | MIT | 2 | 2018-03-06 - 17:18 | over 6 years |
38.5.1 | MIT | 2 | 2018-02-06 - 10:58 | over 6 years |
38.5.0 | MIT | 2 | 2018-02-04 - 23:00 | almost 7 years |
38.4.1 | MIT | 2 | 2018-02-03 - 14:38 | almost 7 years |
38.4.0 | MIT | 2 | 2018-01-05 - 13:40 | almost 7 years |
38.3.0 | MIT | 2 | 2018-01-05 - 02:03 | almost 7 years |
38.2.5 | MIT | 2 | 2017-12-25 - 01:26 | almost 7 years |
38.2.4 | MIT | 2 | 2017-12-04 - 17:18 | almost 7 years |
38.2.3 | MIT | 2 | 2017-11-27 - 23:42 | almost 7 years |
38.2.1 | MIT | 2 | 2017-11-26 - 22:26 | almost 7 years |
38.2.0 | MIT | 2 | 2017-11-26 - 18:53 | almost 7 years |
38.1.0 | MIT | 2 | 2017-11-25 - 15:42 | almost 7 years |
38.0.0 | MIT | 2 | 2017-11-25 - 14:54 | almost 7 years |
37.0.0 | MIT | 2 | 2017-11-20 - 18:23 | almost 7 years |
36.8.0 | MIT | 2 | 2017-11-20 - 02:48 | almost 7 years |
36.7.2 | MIT | 2 | 2017-11-13 - 15:09 | almost 7 years |
36.7.1 | MIT | 2 | 2017-11-11 - 05:32 | almost 7 years |
36.7.0 | MIT | 2 | 2017-11-10 - 01:50 | almost 7 years |
36.6.1 | MIT | 2 | 2017-11-10 - 01:31 | almost 7 years |
36.6.0 | MIT | 2 | 2017-10-12 - 09:34 | about 7 years |
36.5.0 | MIT | 2 | 2017-09-15 - 14:24 | about 7 years |
36.4.0 | MIT | 2 | 2017-09-03 - 18:27 | about 7 years |
36.3.0 | MIT | 2 | 2017-08-28 - 13:54 | about 7 years |
36.2.7 | MIT | 2 | 2017-08-01 - 22:41 | over 7 years |
36.2.6 | MIT | 2 | 2017-07-31 - 23:25 | over 7 years |
36.2.5 | MIT | 2 | 2017-07-31 - 01:52 | over 7 years |
36.2.4 | MIT | 2 | 2017-07-26 - 19:24 | over 7 years |
36.2.3 | MIT | 2 | 2017-07-26 - 01:19 | over 7 years |
36.2.2 | MIT | 2 | 2017-07-24 - 13:55 | over 7 years |