setuptools@75.3.3 vulnerabilities

Easily download, build, install, upgrade, and uninstall Python packages

latest version

82.0.0

latest non vulnerable version

82.0.0

first published

19 years ago

latest version published

11 days ago

licenses detected

MIT
[19.5,78.1.1)

View setuptools package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the setuptools package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Directory Traversal Affected versions of this package are vulnerable to Directory Traversal through the `‎PackageIndex._download_url` method. Due to insufficient sanitization of special characters, an attacker can write files to arbitrary locations on the filesystem with the permissions of the process running the Python code. In certain scenarios, an attacker could potentially escalate to remote code execution by leveraging malicious URLs present in a package index. How to fix Directory Traversal? Upgrade `setuptools` to version 78.1.1 or higher.	[,78.1.1)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal through the ‎PackageIndex._download_url method. Due to insufficient sanitization of special characters, an attacker can write files to arbitrary locations on the filesystem with the permissions of the process running the Python code. In certain scenarios, an attacker could potentially escalate to remote code execution by leveraging malicious URLs present in a package index.

How to fix Directory Traversal?

Upgrade setuptools to version 78.1.1 or higher.

[,78.1.1)

Go back to all versions of this package