Vulnerabilities (CVE)

Filtered by vendor Python Subscribe
Filtered by product Setuptools
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1633 1 Python 1 Setuptools 2024-11-21 6.8 MEDIUM N/A
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
CVE-2022-40897 1 Python 1 Setuptools 2024-10-29 N/A 5.9 MEDIUM
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.