Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Python Subscribe
Filtered by product Setuptools
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40897 1 Python 1 Setuptools 2023-02-14 N/A 5.9 MEDIUM
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
CVE-2013-1633 1 Python 1 Setuptools 2013-10-11 6.8 MEDIUM N/A
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.