Search CVE reports
1 – 2 of 2 results
CVE-2024-6345
Medium priorityA vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | Not affected | Not affected | Fixed | Fixed | Fixed |
| python-setuptools | Not in release | Fixed | Fixed | Fixed | Fixed |
| setuptools | Fixed | Fixed | Fixed | — | — |
CVE-2022-40897
Medium priorityPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Fixed | Fixed | Fixed | Fixed |
| python-setuptools | — | Fixed | Fixed | Fixed | Fixed |
| setuptools | — | Fixed | Fixed | Not in release | Not in release |