Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/setuptools@8.0.1

Type pypi

Namespace

Name setuptools

Version 8.0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 78.1.1

Latest_non_vulnerable_version 78.1.1

Affected_by_vulnerabilities

url VCID-1pe7-4f4b-ukhu

vulnerability_id VCID-1pe7-4f4b-ukhu

summary setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47273.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47273.json

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml

reference_url	https://github.com/pypa/setuptools
reference_id
reference_type
scores
url	https://github.com/pypa/setuptools

reference_url

https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88

reference_url

https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b

reference_url

https://github.com/pypa/setuptools/issues/4946

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/pypa/setuptools/issues/4946

reference_url

https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf

reference_url

https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2366982
reference_id	2366982
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2366982

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2025-47273
reference_id	CVE-2025-47273
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2025-47273

reference_url	https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
reference_id	GHSA-5rjg-fvgr-3xxf
reference_type
scores
url	https://github.com/advisories/GHSA-5rjg-fvgr-3xxf

reference_url	https://access.redhat.com/errata/RHSA-2025:10407
reference_id	RHSA-2025:10407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10407

reference_url	https://access.redhat.com/errata/RHSA-2025:10787
reference_id	RHSA-2025:10787
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10787

reference_url	https://access.redhat.com/errata/RHSA-2025:10809
reference_id	RHSA-2025:10809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10809

reference_url	https://access.redhat.com/errata/RHSA-2025:10992
reference_id	RHSA-2025:10992
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10992

reference_url	https://access.redhat.com/errata/RHSA-2025:11036
reference_id	RHSA-2025:11036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11036

reference_url	https://access.redhat.com/errata/RHSA-2025:11043
reference_id	RHSA-2025:11043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11043

reference_url	https://access.redhat.com/errata/RHSA-2025:11044
reference_id	RHSA-2025:11044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11044

reference_url	https://access.redhat.com/errata/RHSA-2025:11101
reference_id	RHSA-2025:11101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11101

reference_url	https://access.redhat.com/errata/RHSA-2025:11102
reference_id	RHSA-2025:11102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11102

reference_url	https://access.redhat.com/errata/RHSA-2025:11146
reference_id	RHSA-2025:11146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11146

reference_url	https://access.redhat.com/errata/RHSA-2025:11388
reference_id	RHSA-2025:11388
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11388

reference_url	https://access.redhat.com/errata/RHSA-2025:11424
reference_id	RHSA-2025:11424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11424

reference_url	https://access.redhat.com/errata/RHSA-2025:11425
reference_id	RHSA-2025:11425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11425

reference_url	https://access.redhat.com/errata/RHSA-2025:11426
reference_id	RHSA-2025:11426
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11426

reference_url	https://access.redhat.com/errata/RHSA-2025:11427
reference_id	RHSA-2025:11427
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11427

reference_url	https://access.redhat.com/errata/RHSA-2025:11463
reference_id	RHSA-2025:11463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11463

reference_url	https://access.redhat.com/errata/RHSA-2025:11464
reference_id	RHSA-2025:11464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11464

reference_url	https://access.redhat.com/errata/RHSA-2025:11584
reference_id	RHSA-2025:11584
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11584

reference_url	https://access.redhat.com/errata/RHSA-2025:11607
reference_id	RHSA-2025:11607
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11607

reference_url	https://access.redhat.com/errata/RHSA-2025:11868
reference_id	RHSA-2025:11868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11868

reference_url	https://access.redhat.com/errata/RHSA-2025:11984
reference_id	RHSA-2025:11984
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11984

reference_url	https://access.redhat.com/errata/RHSA-2025:12020
reference_id	RHSA-2025:12020
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12020

reference_url	https://access.redhat.com/errata/RHSA-2025:12834
reference_id	RHSA-2025:12834
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12834

reference_url	https://access.redhat.com/errata/RHSA-2025:13578
reference_id	RHSA-2025:13578
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13578

reference_url	https://access.redhat.com/errata/RHSA-2025:13668
reference_id	RHSA-2025:13668
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13668

reference_url	https://access.redhat.com/errata/RHSA-2025:13669
reference_id	RHSA-2025:13669
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13669

reference_url	https://access.redhat.com/errata/RHSA-2025:13803
reference_id	RHSA-2025:13803
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13803

reference_url	https://access.redhat.com/errata/RHSA-2025:13804
reference_id	RHSA-2025:13804
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13804

reference_url	https://access.redhat.com/errata/RHSA-2025:14686
reference_id	RHSA-2025:14686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14686

reference_url	https://access.redhat.com/errata/RHSA-2025:14900
reference_id	RHSA-2025:14900
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14900

reference_url	https://access.redhat.com/errata/RHSA-2025:15408
reference_id	RHSA-2025:15408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15408

reference_url	https://access.redhat.com/errata/RHSA-2025:15410
reference_id	RHSA-2025:15410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15410

reference_url	https://access.redhat.com/errata/RHSA-2025:15411
reference_id	RHSA-2025:15411
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15411

reference_url	https://access.redhat.com/errata/RHSA-2025:19421
reference_id	RHSA-2025:19421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19421

reference_url	https://access.redhat.com/errata/RHSA-2025:19422
reference_id	RHSA-2025:19422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19422

reference_url	https://access.redhat.com/errata/RHSA-2025:19423
reference_id	RHSA-2025:19423
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19423

reference_url	https://access.redhat.com/errata/RHSA-2025:19424
reference_id	RHSA-2025:19424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19424

reference_url	https://access.redhat.com/errata/RHSA-2025:19425
reference_id	RHSA-2025:19425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19425

reference_url	https://access.redhat.com/errata/RHSA-2025:19426
reference_id	RHSA-2025:19426
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19426

reference_url	https://access.redhat.com/errata/RHSA-2025:19427
reference_id	RHSA-2025:19427
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19427

reference_url	https://access.redhat.com/errata/RHSA-2025:19428
reference_id	RHSA-2025:19428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19428

reference_url	https://access.redhat.com/errata/RHSA-2025:19429
reference_id	RHSA-2025:19429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19429

reference_url	https://access.redhat.com/errata/RHSA-2025:19430
reference_id	RHSA-2025:19430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19430

reference_url	https://access.redhat.com/errata/RHSA-2025:9940
reference_id	RHSA-2025:9940
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9940

reference_url	https://access.redhat.com/errata/RHSA-2025:9966
reference_id	RHSA-2025:9966
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9966

reference_url	https://access.redhat.com/errata/RHSA-2026:4215
reference_id	RHSA-2026:4215
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4215

fixed_packages

url	pkg:pypi/setuptools@78.1.1
purl	pkg:pypi/setuptools@78.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@78.1.1

aliases CVE-2025-47273, GHSA-5rjg-fvgr-3xxf, PYSEC-2025-49

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pe7-4f4b-ukhu

url VCID-f4x2-qsqp-kfcn

vulnerability_id VCID-f4x2-qsqp-kfcn

summary Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

references

reference_url	https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
reference_id
reference_type
scores
url	https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200

reference_url	https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
reference_id
reference_type
scores
url	https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be

reference_url	https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1
reference_id
reference_type
scores
url	https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1

reference_url	https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
reference_id
reference_type
scores
url	https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

reference_url	https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
reference_id
reference_type
scores
url	https://pyup.io/vulnerabilities/CVE-2022-40897/52495/

fixed_packages

url pkg:pypi/setuptools@65.5.1

purl pkg:pypi/setuptools@65.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pe7-4f4b-ukhu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@65.5.1

aliases CVE-2022-40897, PYSEC-2022-43012

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4x2-qsqp-kfcn

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@8.0.1

Package Instance