Python/setuptools/0.6c3
Easily download, build, install, upgrade, and uninstall Python packages
https://pypi.org/project/setuptools
PSF-2.0 OR ZPL-2.1
2 Security Vulnerabilities
Setuptools vulnerable to Man-in-the-middle attacks
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
- https://nvd.nist.gov/vuln/detail/CVE-2022-40897
- https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://github.com/pypa/setuptools/issues/3659
- https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
- https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1
- https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
- https://setuptools.pypa.io/en/latest/
- https://github.com/advisories/GHSA-r9hx-vwmv-q579
- https://security.netapp.com/advisory/ntap-20230214-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
559 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
3.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-03-08 - 13:36 | about 10 years |
3.0.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-03-08 - 13:38 | about 10 years |
3.0.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-03-08 - 13:38 | about 10 years |
3.0 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-03-08 - 13:37 | about 10 years |
2.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-02-08 - 02:37 | over 10 years |
2.1.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-02-06 - 14:21 | over 10 years |
2.1.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-02-06 - 00:31 | over 10 years |
2.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2014-01-07 - 21:18 | over 10 years |
2.0.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-12-29 - 15:41 | over 10 years |
2.0.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-12-16 - 03:36 | over 10 years |
2.0 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-12-07 - 18:28 | over 10 years |
1.4.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-12-01 - 11:15 | over 10 years |
1.4.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-11-23 - 22:53 | over 10 years |
1.4 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-11-17 - 15:06 | over 10 years |
1.3.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-11-09 - 18:49 | over 10 years |
1.3.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-11-07 - 06:15 | over 10 years |
1.3 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-11-03 - 16:38 | over 10 years |
1.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-11-02 - 18:31 | over 10 years |
1.1.7 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-10-28 - 01:44 | over 10 years |
1.1.6 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-10-26 - 15:12 | over 10 years |
1.1.5 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-09-12 - 13:59 | over 10 years |
1.1.4 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-09-07 - 21:18 | over 10 years |
1.1.3 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-09-06 - 13:40 | over 10 years |
1.1.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-09-06 - 13:37 | over 10 years |
1.1.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-09-04 - 02:49 | over 10 years |
1.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-08-27 - 01:42 | almost 11 years |
1.0 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-08-17 - 19:28 | almost 11 years |
0.9.8 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-08-05 - 05:09 | almost 11 years |
0.9.7 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-22 - 20:56 | almost 11 years |
0.9.6 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-18 - 01:08 | almost 11 years |
0.9.5 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-15 - 21:13 | almost 11 years |
0.9.4 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-15 - 18:46 | almost 11 years |
0.9.3 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-15 - 17:33 | almost 11 years |
0.9.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-15 - 17:13 | almost 11 years |
0.9.1 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-14 - 02:03 | almost 11 years |
0.9 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-13 - 15:53 | almost 11 years |
0.8 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-05 - 18:18 | almost 11 years |
0.7.8 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-05 - 02:10 | almost 11 years |
0.7.7 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-02 - 16:17 | almost 11 years |
0.7.6 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-07-02 - 12:35 | almost 11 years |
0.7.5 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-06-29 - 14:55 | almost 11 years |
0.7.4 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-06-19 - 13:52 | almost 11 years |
0.7.3 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-06-18 - 21:08 | almost 11 years |
0.7.2 | PSF-2.0 OR ZPL-2.1 | 1 | 2013-06-09 - 16:10 | almost 11 years |
0.6c7 | PSF-2.0 OR ZPL-2.1 | 2 | 2007-09-04 - 16:48 | over 16 years |
0.6c5 | PSF-2.0 OR ZPL-2.1 | 2 | 2007-01-09 - 19:39 | over 17 years |
0.6c4 | PSF-2.0 OR ZPL-2.1 | 2 | 2007-01-09 - 18:22 | over 17 years |
0.6c6 | PSF-2.0 OR ZPL-2.1 | 2 | 2007-05-31 - 17:32 | about 17 years |
0.6c8 | PSF-2.0 OR ZPL-2.1 | 2 | 2008-02-15 - 18:13 | over 16 years |
0.6c11 | PSF-2.0 OR ZPL-2.1 | 2 | 2009-10-20 - 16:07 | over 14 years |
0.6c10 | PSF-2.0 OR ZPL-2.1 | 2 | 2009-10-19 - 21:49 | over 14 years |
0.6c2 | PSF-2.0 OR ZPL-2.1 | 2 | 2006-09-06 - 21:26 | over 17 years |
0.6b4 | PSF-2.0 OR ZPL-2.1 | 2 | 2006-07-11 - 18:51 | almost 18 years |
0.6b2 | PSF-2.0 OR ZPL-2.1 | 2 | 2006-06-01 - 15:45 | about 18 years |
0.6b1 | PSF-2.0 OR ZPL-2.1 | 2 | 2006-05-12 - 22:42 | about 18 years |
0.6b3 | PSF-2.0 OR ZPL-2.1 | 2 | 2006-06-09 - 18:48 | almost 18 years |
0.6c1 | PSF-2.0 OR ZPL-2.1 | 2 | 2006-07-20 - 21:03 | almost 18 years |
0.6c3 | PSF-2.0 OR ZPL-2.1 | 2 | 2006-09-20 - 21:30 | over 17 years |
0.6c9 | PSF-2.0 OR ZPL-2.1 | 2 | 2008-09-24 - 17:23 | over 15 years |