Published date: 2024-07-15T03:30:57Z
CVE: CVE-2024-6345
A vulnerability in the package_index
module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
Affected versions:
["0.6b1", "0.6b2", "0.6b3", "0.6b4", "0.6c1", "0.6c10", "0.6c11", "0.6c2", "0.6c3", "0.6c4", "0.6c5", "0.6c6", "0.6c7", "0.6c8", "0.6c9", "0.7.2", "0.7.3", "0.7.4", "0.7.5", "0.7.6", "0.7.7", "0.7.8", "0.8", "0.9", "0.9.1", "0.9.2", "0.9.3", "0.9.4", "0.9.5", "0.9.6", "0.9.7", "0.9.8", "1.0", "1.1", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6", "1.1.7", "1.2", "1.3", "1.3.1", "1.3.2", "1.4", "1.4.1", "1.4.2", "10.0", "10.0.1", "10.1", "10.2", "10.2.1", "11.0", "11.1", "11.2", "11.3", "11.3.1", "12.0", "12.0.1", "12.0.2", "12.0.3", "12.0.4", "12.0.5", "12.1", "12.2", "12.3", "12.4", "13.0", "13.0.1", "13.0.2", "14.0", "14.1", "14.1.1", "14.2", "14.3", "14.3.1", "15.0", "15.1", "15.2", "16.0", "17.0", "17.1", "17.1.1", "18.0", "18.0.1", "18.1", "18.2", "18.3", "18.3.1", "18.3.2", "18.4", "18.5", "18.6", "18.6.1", "18.7", "18.7.1", "18.8", "18.8.1", "19.0", "19.1", "19.1.1", "19.2", "19.3", "19.4", "19.4.1", "19.5", "19.6", "19.6.1", "19.6.2", "19.7", "2.0", "2.0.1", "2.0.2", "2.1", "2.1.1", "2.1.2", "2.2", "20.0", "20.1", "20.1.1", "20.10.1", "20.2.2", "20.3", "20.3.1", "20.4", "20.6.6", "20.6.7", "20.6.8", "20.7.0", "20.8.0", "20.8.1", "20.9.0", "21.0.0", "21.1.0", "21.2.0", "21.2.1", "21.2.2", "22.0.0", "22.0.1", "22.0.2", "22.0.4", "22.0.5", "23.0.0", "23.1.0", "23.2.0", "23.2.1", "24.0.0", "24.0.1", "24.0.2", "24.0.3", "24.1.0", "24.1.1", "24.2.0", "24.2.1", "24.3.0", "24.3.1", "25.0.0", "25.0.1", "25.0.2", "25.1.0", "25.1.1", "25.1.2", "25.1.3", "25.1.4", "25.1.5", "25.1.6", "25.2.0", "25.3.0", "25.4.0", "26.0.0", "26.1.0", "26.1.1", "27.0.0", "27.1.0", "27.1.2", "27.2.0", "27.3.0", "27.3.1", "28.0.0", "28.1.0", "28.2.0", "28.3.0", "28.4.0", "28.5.0", "28.6.0", "28.6.1", "28.7.0", "28.7.1", "28.8.0", "28.8.1", "29.0.0", "29.0.1", "3.0", "3.0.1", "3.0.2", "3.1", "3.2", "3.3", "3.4", "3.4.1", "3.4.2", "3.4.3", "3.4.4", "3.5", "3.5.1", "3.5.2", "3.6", "3.7", "3.7.1", "3.8", "3.8.1", "30.0.0", "30.1.0", "30.2.0", "30.2.1", "30.3.0", "30.4.0", "31.0.0", "31.0.1", "32.0.0", "32.1.0", "32.1.1", "32.1.2", "32.1.3", "32.2.0", "32.3.0", "32.3.1", "33.1.0", "33.1.1", "34.0.0", "34.0.1", "34.0.2", "34.0.3", "34.1.0", "34.1.1", "34.2.0", "34.3.0", "34.3.1", "34.3.2", "34.3.3", "34.4.0", "34.4.1", "35.0.0", "35.0.1", "35.0.2", "36.0.1", "36.1.0", "36.1.1", "36.2.0", "36.2.1", "36.2.2", "36.2.3", "36.2.4", "36.2.5", "36.2.6", "36.2.7", "36.3.0", "36.4.0", "36.5.0", "36.6.0", "36.6.1", "36.7.0", "36.7.1", "36.7.2", "36.8.0", "37.0.0", "38.0.0", "38.1.0", "38.2.0", "38.2.1", "38.2.3", "38.2.4", "38.2.5", "38.3.0", "38.4.0", "38.4.1", "38.5.0", "38.5.1", "38.5.2", "38.6.0", "38.6.1", "38.7.0", "39.0.0", "39.0.1", "39.1.0", "39.2.0", "4.0", "4.0.1", "40.0.0", "40.1.0", "40.1.1", "40.2.0", "40.3.0", "40.4.0", "40.4.1", "40.4.2", "40.4.3", "40.5.0", "40.6.0", "40.6.1", "40.6.2", "40.6.3", "40.7.0", "40.7.1", "40.7.2", "40.7.3", "40.8.0", "40.9.0", "41.0.0", "41.0.1", "41.1.0", "41.2.0", "41.3.0", "41.4.0", "41.5.0", "41.5.1", "41.6.0", "42.0.0", "42.0.1", "42.0.2", "43.0.0", "44.0.0", "44.1.0", "44.1.1", "45.0.0", "45.1.0", "45.2.0", "45.3.0", "46.0.0", "46.1.0", "46.1.1", "46.1.2", "46.1.3", "46.2.0", "46.3.0", "46.3.1", "46.4.0", "47.0.0", "47.1.0", "47.1.1", "47.2.0", "47.3.0", "47.3.1", "47.3.2", "48.0.0", "49.0.0", "49.0.1", "49.1.0", "49.1.1", "49.1.2", "49.1.3", "49.2.0", "49.2.1", "49.3.0", "49.3.1", "49.3.2", "49.4.0", "49.5.0", "49.6.0", "5.0", "5.0.1", "5.0.2", "5.1", "5.2", "5.3", "5.4", "5.4.1", "5.4.2", "5.5", "5.5.1", "5.6", "5.7", "5.8", "50.0.0", "50.0.1", "50.0.2", "50.0.3", "50.1.0", "50.2.0", "50.3.0", "50.3.1", "50.3.2", "51.0.0", "51.1.0", "51.1.0.post20201221", "51.1.1", "51.1.2", "51.2.0", "51.3.0", "51.3.1", "51.3.2", "51.3.3", "52.0.0", "53.0.0", "53.1.0", "54.0.0", "54.1.0", "54.1.1", "54.1.2", "54.1.3", "54.2.0", "56.0.0", "6.0.1", "6.0.2", "6.1", "7.0", "8.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4", "8.1", "8.2", "8.2.1", "8.3", "9.0", "9.0.1", "9.1", "56.1.0", "56.2.0", "57.0.0", "57.1.0", "57.2.0", "57.3.0", "57.4.0", "57.5.0", "58.0.0", "58.0.1", "58.0.2", "58.0.3", "58.0.4", "58.1.0", "58.2.0", "58.3.0", "58.4.0", "58.5.0", "58.5.1", "58.5.2", "58.5.3", "59.0.1", "59.1.0", "59.1.1", "59.2.0", "59.3.0", "59.4.0", "59.5.0", "59.6.0", "59.7.0", "59.8.0", "60.0.0", "60.0.1", "60.0.2", "60.0.3", "60.0.4", "60.0.5", "60.1.0", "60.1.1", "60.2.0", "60.3.0", "60.3.1", "60.4.0", "60.5.0", "60.6.0", "60.7.0", "60.7.1", "60.8.0", "60.8.1", "60.8.2", "60.9.0", "60.9.1", "60.9.2", "60.9.3", "60.10.0", "61.0.0", "61.1.0", "61.1.1", "61.2.0", "61.3.0", "61.3.1", "62.0.0", "62.1.0", "62.2.0", "62.3.0", "62.3.1", "62.3.2", "62.3.3", "62.3.4", "62.4.0", "62.5.0", "62.6.0", "63.0.0b1", "63.0.0", "63.1.0", "63.2.0", "63.3.0", "63.4.0", "63.4.1", "63.4.2", "63.4.3", "64.0.0", "64.0.1", "64.0.2", "64.0.3", "65.0.0", "65.0.1", "65.0.2", "65.1.0", "65.1.1", "65.2.0", "65.3.0", "65.4.0", "65.4.1", "65.5.0", "65.5.1", "65.6.0", "65.6.1", "65.6.2", "65.6.3", "65.7.0", "66.0.0", "66.1.0", "66.1.1", "67.0.0", "67.1.0", "67.2.0", "67.3.1", "67.3.2", "67.3.3", "67.4.0", "67.5.0", "67.5.1", "67.6.0", "67.6.1", "67.7.0", "67.7.1", "67.7.2", "67.8.0", "68.0.0", "68.1.0", "68.1.2", "68.2.0", "68.2.1", "68.2.2", "69.0.0", "69.0.1", "69.0.2", "69.0.3", "69.1.0", "69.1.1", "69.2.0", "69.3.0", "69.4.0", "69.3.1", "69.4.1", "69.4.2", "69.5.0", "69.5.1"]
Secure versions:
[70.0.0, 70.1.0, 70.1.1, 70.2.0, 70.3.0, 71.0.0, 71.0.1, 71.0.2, 71.0.3, 71.0.4, 71.1.0, 72.0.0, 72.1.0, 72.2.0, 73.0.0, 73.0.1, 74.0.0, 74.1.0, 74.1.1, 74.1.2, 74.1.3, 75.0.0, 75.1.0, 75.2.0, 75.3.0, 75.4.0, 75.5.0]
Recommendation:
Update to version 75.5.0.
Published date: 2022-12-23T00:30:23Z
CVE: CVE-2022-40897
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index
. This has been patched in version 65.5.1.
Affected versions:
["0.6b1", "0.6b2", "0.6b3", "0.6b4", "0.6c1", "0.6c10", "0.6c11", "0.6c2", "0.6c3", "0.6c4", "0.6c5", "0.6c6", "0.6c7", "0.6c8", "0.6c9", "0.7.2", "0.7.3", "0.7.4", "0.7.5", "0.7.6", "0.7.7", "0.7.8", "0.8", "0.9", "0.9.1", "0.9.2", "0.9.3", "0.9.4", "0.9.5", "0.9.6", "0.9.7", "0.9.8", "1.0", "1.1", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6", "1.1.7", "1.2", "1.3", "1.3.1", "1.3.2", "1.4", "1.4.1", "1.4.2", "10.0", "10.0.1", "10.1", "10.2", "10.2.1", "11.0", "11.1", "11.2", "11.3", "11.3.1", "12.0", "12.0.1", "12.0.2", "12.0.3", "12.0.4", "12.0.5", "12.1", "12.2", "12.3", "12.4", "13.0", "13.0.1", "13.0.2", "14.0", "14.1", "14.1.1", "14.2", "14.3", "14.3.1", "15.0", "15.1", "15.2", "16.0", "17.0", "17.1", "17.1.1", "18.0", "18.0.1", "18.1", "18.2", "18.3", "18.3.1", "18.3.2", "18.4", "18.5", "18.6", "18.6.1", "18.7", "18.7.1", "18.8", "18.8.1", "19.0", "19.1", "19.1.1", "19.2", "19.3", "19.4", "19.4.1", "19.5", "19.6", "19.6.1", "19.6.2", "19.7", "2.0", "2.0.1", "2.0.2", "2.1", "2.1.1", "2.1.2", "2.2", "20.0", "20.1", "20.1.1", "20.10.1", "20.2.2", "20.3", "20.3.1", "20.4", "20.6.6", "20.6.7", "20.6.8", "20.7.0", "20.8.0", "20.8.1", "20.9.0", "21.0.0", "21.1.0", "21.2.0", "21.2.1", "21.2.2", "22.0.0", "22.0.1", "22.0.2", "22.0.4", "22.0.5", "23.0.0", "23.1.0", "23.2.0", "23.2.1", "24.0.0", "24.0.1", "24.0.2", "24.0.3", "24.1.0", "24.1.1", "24.2.0", "24.2.1", "24.3.0", "24.3.1", "25.0.0", "25.0.1", "25.0.2", "25.1.0", "25.1.1", "25.1.2", "25.1.3", "25.1.4", "25.1.5", "25.1.6", "25.2.0", "25.3.0", "25.4.0", "26.0.0", "26.1.0", "26.1.1", "27.0.0", "27.1.0", "27.1.2", "27.2.0", "27.3.0", "27.3.1", "28.0.0", "28.1.0", "28.2.0", "28.3.0", "28.4.0", "28.5.0", "28.6.0", "28.6.1", "28.7.0", "28.7.1", "28.8.0", "28.8.1", "29.0.0", "29.0.1", "3.0", "3.0.1", "3.0.2", "3.1", "3.2", "3.3", "3.4", "3.4.1", "3.4.2", "3.4.3", "3.4.4", "3.5", "3.5.1", "3.5.2", "3.6", "3.7", "3.7.1", "3.8", "3.8.1", "30.0.0", "30.1.0", "30.2.0", "30.2.1", "30.3.0", "30.4.0", "31.0.0", "31.0.1", "32.0.0", "32.1.0", "32.1.1", "32.1.2", "32.1.3", "32.2.0", "32.3.0", "32.3.1", "33.1.0", "33.1.1", "34.0.0", "34.0.1", "34.0.2", "34.0.3", "34.1.0", "34.1.1", "34.2.0", "34.3.0", "34.3.1", "34.3.2", "34.3.3", "34.4.0", "34.4.1", "35.0.0", "35.0.1", "35.0.2", "36.0.1", "36.1.0", "36.1.1", "36.2.0", "36.2.1", "36.2.2", "36.2.3", "36.2.4", "36.2.5", "36.2.6", "36.2.7", "36.3.0", "36.4.0", "36.5.0", "36.6.0", "36.6.1", "36.7.0", "36.7.1", "36.7.2", "36.8.0", "37.0.0", "38.0.0", "38.1.0", "38.2.0", "38.2.1", "38.2.3", "38.2.4", "38.2.5", "38.3.0", "38.4.0", "38.4.1", "38.5.0", "38.5.1", "38.5.2", "38.6.0", "38.6.1", "38.7.0", "39.0.0", "39.0.1", "39.1.0", "39.2.0", "4.0", "4.0.1", "40.0.0", "40.1.0", "40.1.1", "40.2.0", "40.3.0", "40.4.0", "40.4.1", "40.4.2", "40.4.3", "40.5.0", "40.6.0", "40.6.1", "40.6.2", "40.6.3", "40.7.0", "40.7.1", "40.7.2", "40.7.3", "40.8.0", "40.9.0", "41.0.0", "41.0.1", "41.1.0", "41.2.0", "41.3.0", "41.4.0", "41.5.0", "41.5.1", "41.6.0", "42.0.0", "42.0.1", "42.0.2", "43.0.0", "44.0.0", "44.1.0", "44.1.1", "45.0.0", "45.1.0", "45.2.0", "45.3.0", "46.0.0", "46.1.0", "46.1.1", "46.1.2", "46.1.3", "46.2.0", "46.3.0", "46.3.1", "46.4.0", "47.0.0", "47.1.0", "47.1.1", "47.2.0", "47.3.0", "47.3.1", "47.3.2", "48.0.0", "49.0.0", "49.0.1", "49.1.0", "49.1.1", "49.1.2", "49.1.3", "49.2.0", "49.2.1", "49.3.0", "49.3.1", "49.3.2", "49.4.0", "49.5.0", "49.6.0", "5.0", "5.0.1", "5.0.2", "5.1", "5.2", "5.3", "5.4", "5.4.1", "5.4.2", "5.5", "5.5.1", "5.6", "5.7", "5.8", "50.0.0", "50.0.1", "50.0.2", "50.0.3", "50.1.0", "50.2.0", "50.3.0", "50.3.1", "50.3.2", "51.0.0", "51.1.0", "51.1.0.post20201221", "51.1.1", "51.1.2", "51.2.0", "51.3.0", "51.3.1", "51.3.2", "51.3.3", "52.0.0", "53.0.0", "53.1.0", "54.0.0", "54.1.0", "54.1.1", "54.1.2", "54.1.3", "54.2.0", "56.0.0", "6.0.1", "6.0.2", "6.1", "7.0", "8.0", "8.0.1", "8.0.2", "8.0.3", "8.0.4", "8.1", "8.2", "8.2.1", "8.3", "9.0", "9.0.1", "9.1", "56.1.0", "56.2.0", "57.0.0", "57.1.0", "57.2.0", "57.3.0", "57.4.0", "57.5.0", "58.0.0", "58.0.1", "58.0.2", "58.0.3", "58.0.4", "58.1.0", "58.2.0", "58.3.0", "58.4.0", "58.5.0", "58.5.1", "58.5.2", "58.5.3", "59.0.1", "59.1.0", "59.1.1", "59.2.0", "59.3.0", "59.4.0", "59.5.0", "59.6.0", "59.7.0", "59.8.0", "60.0.0", "60.0.1", "60.0.2", "60.0.3", "60.0.4", "60.0.5", "60.1.0", "60.1.1", "60.2.0", "60.3.0", "60.3.1", "60.4.0", "60.5.0", "60.6.0", "60.7.0", "60.7.1", "60.8.0", "60.8.1", "60.8.2", "60.9.0", "60.9.1", "60.9.2", "60.9.3", "60.10.0", "61.0.0", "61.1.0", "61.1.1", "61.2.0", "61.3.0", "61.3.1", "62.0.0", "62.1.0", "62.2.0", "62.3.0", "62.3.1", "62.3.2", "62.3.3", "62.3.4", "62.4.0", "62.5.0", "62.6.0", "63.0.0b1", "63.0.0", "63.1.0", "63.2.0", "63.3.0", "63.4.0", "63.4.1", "63.4.2", "63.4.3", "64.0.0", "64.0.1", "64.0.2", "64.0.3", "65.0.0", "65.0.1", "65.0.2", "65.1.0", "65.1.1", "65.2.0", "65.3.0", "65.4.0", "65.4.1", "65.5.0"]
Secure versions:
[70.0.0, 70.1.0, 70.1.1, 70.2.0, 70.3.0, 71.0.0, 71.0.1, 71.0.2, 71.0.3, 71.0.4, 71.1.0, 72.0.0, 72.1.0, 72.2.0, 73.0.0, 73.0.1, 74.0.0, 74.1.0, 74.1.1, 74.1.2, 74.1.3, 75.0.0, 75.1.0, 75.2.0, 75.3.0, 75.4.0, 75.5.0]
Recommendation:
Update to version 75.5.0.