Ixtli

CVE-2025-47273
Severity: HIGH (CVSS 8.8)
Ecosystem: PyPI

Package

setuptools

Published

Description

Path traversal in PackageIndex in setuptools before 78.1.1 (GHSA-5rjg-fvgr-3xxf, issue #4946). When PackageIndex downloads a package, the local filename is derived from the package URL; a crafted URL can make that filename resolve outside the intended download directory, so whoever controls the URL can write a file to an arbitrary location with the permissions of the process running setuptools. Depending on what that process later does with the written file, this can escalate to code execution. Fixed in setuptools 78.1.1 (commit 250a6d17978f9f6ac3ac887091f2d32886fbbb0b).

The title this entry was imported with, "setuptools vulnerable to Command Injection via package URL", and the 70.0.0 fixed version belong to the earlier CVE-2024-6345 in the same setuptools/package_index.py module; its references are listed below as well. PackageIndex is legacy download machinery, so the practical exposure for both issues is any code path that still lets setuptools fetch packages from URLs an attacker can influence, and any host whose setuptools is older than 70.0.0 is exposed to both.
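CVE-2025-47273 itself (GHSA-5rjg-fvgr-3xxf and issue #4946 in the references) is a path traversal in how PackageIndex turns a package URL into a local download filename; the "command injection via package URL" wording belongs to the older CVE-2024-6345. The example below is added here and is not setuptools' code: it models the unsafe shape as os.path.join(tmpdir, unquote(last URL path segment)), shows where two constructed URLs land, and contrasts it with a containment check that refuses anything that is not a single path segment inside the download directory. The directory and URLs are constructed for the demonstration.

```python
"""
Added example, not setuptools' own code: why deriving a download filename
from a URL and joining it onto the download directory needs a containment
check. The unsafe shape is modelled as
os.path.join(tmpdir, unquote(last URL path segment)); the hardened version
refuses any name that is not a single path segment and then verifies the
resolved target really lies under tmpdir.
"""
import os
import urllib.parse

# Constructed sample download directory (need not exist for the checks).
DOWNLOAD_DIR = "/srv/downloads"


def filename_from_url(url: str) -> str:
    """Percent-decoded last path segment of the URL, without any #fragment.
    This is the untrusted value everything below has to contain."""
    path = urllib.parse.urlparse(url).path
    name = urllib.parse.unquote(path.rsplit("/", 1)[-1])
    return name.split("#", 1)[0] or "__downloaded__"


def naive_target(tmpdir: str, url: str) -> str:
    """Unsafe: os.path.join throws tmpdir away when the decoded name starts
    with '/', and leaves any '..' segments for the OS to honour."""
    return os.path.join(tmpdir, filename_from_url(url))


def contained_target(tmpdir: str, url: str) -> str:
    """Hardened: a download name must be exactly one path segment, and the
    fully resolved target must be a strict descendant of tmpdir.
    Raises ValueError for anything else."""
    name = filename_from_url(url)
    if "/" in name or "\\" in name or name in (".", ".."):
        raise ValueError(f"refusing download name {name!r}")
    base = os.path.realpath(tmpdir)
    target = os.path.realpath(os.path.join(base, name))
    # realpath folds symlinks, so a symlinked tmpdir is compared in its
    # canonical form on both sides; commonpath then proves containment.
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError(f"{target!r} escapes {base!r}")
    return target


def is_contained(tmpdir: str, url: str) -> bool:
    """True if contained_target() accepts the URL, False if it rejects it."""
    try:
        contained_target(tmpdir, url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed URLs: one ordinary sdist name, two that decode to paths.
    for url in (
        "https://files.example.test/pkg-1.0.tar.gz#sha256=deadbeef",
        "https://files.example.test/%2Fetc%2Fpasswd",
        "https://files.example.test/..%2F..%2Fetc%2Fpasswd",
    ):
        landed = os.path.normpath(naive_target(DOWNLOAD_DIR, url))
        verdict = contained_target(DOWNLOAD_DIR, url) if is_contained(DOWNLOAD_DIR, url) else "REJECTED"
        print(f"{url}\n  naive     -> {landed}\n  contained -> {verdict}")
```

The single-segment rule does most of the work: once a name cannot contain a separator, os.path.join cannot be steered by a leading "/" or by "..", and the commonpath test remains as a second, independent guarantee that also survives a symlinked download directory.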

Affected Versions

>= 0, < 78.1.1 (every release before the fix)

Fixed Versions

78.1.1 (fix commit 250a6d17978f9f6ac3ac887091f2d32886fbbb0b)
70.0.0 (fix for the related CVE-2024-6345, whose references are carried below)
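A practitioner's first question is whether a given pin or installed copy predates the fix. The following added example, which is not from the advisory or the setuptools project, classifies a setuptools version against the two fixed versions listed above, 78.1.1 for CVE-2025-47273 and 70.0.0 for the related CVE-2024-6345, and applies that to requirements-style pins and to the interpreter's own installed copy. It assumes that comparing only the numeric release segment is sufficient (pre- and post-release tags such as "rc1" are ignored), which holds for the stable releases involved; the requirements text is a constructed sample.

```python
"""
Added example, not from the advisory or the setuptools project: classify a
setuptools version against the fixed versions this page lists and apply
that to requirement pins and to the installed copy.
Assumption: only the numeric release segment is compared.
"""
import re
from importlib import metadata

# Fixed versions as given on this page, keyed by CVE.
FIXED = {
    "CVE-2025-47273": (78, 1, 1),  # path traversal in PackageIndex
    "CVE-2024-6345": (70, 0, 0),   # command injection via package URL
}

_RELEASE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")


def release_tuple(version: str) -> tuple:
    """'78.1.0rc1' -> (78, 1, 0); '70' -> (70, 0, 0). Padded to at least
    three components so that 70 compares equal to 70.0.0."""
    m = _RELEASE.match(version)
    if not m:
        raise ValueError(f"unparseable version {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def exposure(version: str) -> dict:
    """Per CVE: True if `version` predates the fix, False if it includes it."""
    rel = release_tuple(version)
    return {cve: rel < fixed for cve, fixed in FIXED.items()}


# 'setuptools==X' pins (case-insensitive); stops at markers and comments.
_PIN = re.compile(r"^\s*setuptools\s*==\s*([0-9][^\s;#]*)",
                  re.IGNORECASE | re.MULTILINE)


def scan_requirements(text: str) -> list:
    """[(pinned_version, exposure_dict), ...] for every setuptools pin."""
    return [(m.group(1), exposure(m.group(1))) for m in _PIN.finditer(text)]


def installed_exposure():
    """Exposure of the setuptools importable here, or None if not installed."""
    try:
        return exposure(metadata.version("setuptools"))
    except metadata.PackageNotFoundError:
        return None


# Constructed sample, not a real project's file.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements
setuptools==65.5.0
wheel==0.45.1
setuptools==78.1.0 ; python_version >= "3.12"
setuptools==78.1.1   # first release fixing CVE-2025-47273
"""

if __name__ == "__main__":
    for version, flags in scan_requirements(SAMPLE_REQUIREMENTS):
        hits = [cve for cve, vuln in flags.items() if vuln]
        status = "vulnerable to " + ", ".join(hits) if hits else "not affected"
        print(f"setuptools=={version}: {status}")
    print("installed copy:", installed_exposure())
```

Run it inside each virtualenv, container image and build runner you care about: the setuptools that matters is the one the build process imports, which is frequently older than the one pinned in the application's own requirements.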

References

CVE-2025-47273 (path traversal in PackageIndex, fixed in 78.1.1):
EVIDENCE: https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf
ARTICLE: https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html
REPORT: https://github.com/pypa/setuptools/issues/4946
FIX: https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b
WEB: https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 (setuptools/package_index.py, the module both issues live in)
PACKAGE: https://github.com/pypa/setuptools

Related earlier advisory CVE-2024-6345 (command injection via package URL, fixed in 70.0.0), carried over with this entry:
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-6345
WEB: https://github.com/pypa/setuptools/pull/4332
WEB: https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
WEB: https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
WEB: https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html
