Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/py3-setuptools@70.3.0-r0?arch=aarch64&distroversion=v3.23&reponame=main
Typeapk
Namespacealpine
Namepy3-setuptools
Version70.3.0-r0
Qualifiers
arch aarch64
distroversion v3.23
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-qt3x-msd9-tyct
vulnerability_id VCID-qt3x-msd9-tyct
summary 
setuptools vulnerable to Command Injection via package URL
A vulnerability in the `package_index` module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6345.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6345.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6345
reference_id
reference_type
scores
0
value 0.05553
scoring_system epss
scoring_elements 0.90291
published_at 2026-04-16T12:55:00Z
1
value 0.05553
scoring_system epss
scoring_elements 0.90275
published_at 2026-04-13T12:55:00Z
2
value 0.05553
scoring_system epss
scoring_elements 0.90281
published_at 2026-04-12T12:55:00Z
3
value 0.05553
scoring_system epss
scoring_elements 0.90282
published_at 2026-04-11T12:55:00Z
4
value 0.05553
scoring_system epss
scoring_elements 0.90273
published_at 2026-04-09T12:55:00Z
5
value 0.05553
scoring_system epss
scoring_elements 0.90267
published_at 2026-04-08T12:55:00Z
6
value 0.05553
scoring_system epss
scoring_elements 0.90251
published_at 2026-04-07T12:55:00Z
7
value 0.05697
scoring_system epss
scoring_elements 0.90425
published_at 2026-04-21T12:55:00Z
8
value 0.05697
scoring_system epss
scoring_elements 0.90427
published_at 2026-04-18T12:55:00Z
9
value 0.07336
scoring_system epss
scoring_elements 0.9167
published_at 2026-04-04T12:55:00Z
10
value 0.07336
scoring_system epss
scoring_elements 0.91665
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6345
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6345
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/setuptools
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/setuptools
5
reference_url https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-15T13:33:16Z/
url https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
6
reference_url https://github.com/pypa/setuptools/pull/4332
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/setuptools/pull/4332
7
reference_url https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-15T13:33:16Z/
url https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
8
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6345
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6345
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2297771
reference_id 2297771
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2297771
11
reference_url https://github.com/advisories/GHSA-cx63-2mw6-8hw5
reference_id GHSA-cx63-2mw6-8hw5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cx63-2mw6-8hw5
12
reference_url https://access.redhat.com/errata/RHSA-2024:10135
reference_id RHSA-2024:10135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10135
13
reference_url https://access.redhat.com/errata/RHSA-2024:11109
reference_id RHSA-2024:11109
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11109
14
reference_url https://access.redhat.com/errata/RHSA-2024:5000
reference_id RHSA-2024:5000
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5000
15
reference_url https://access.redhat.com/errata/RHSA-2024:5002
reference_id RHSA-2024:5002
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5002
16
reference_url https://access.redhat.com/errata/RHSA-2024:5040
reference_id RHSA-2024:5040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5040
17
reference_url https://access.redhat.com/errata/RHSA-2024:5078
reference_id RHSA-2024:5078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5078
18
reference_url https://access.redhat.com/errata/RHSA-2024:5084
reference_id RHSA-2024:5084
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5084
19
reference_url https://access.redhat.com/errata/RHSA-2024:5137
reference_id RHSA-2024:5137
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5137
20
reference_url https://access.redhat.com/errata/RHSA-2024:5279
reference_id RHSA-2024:5279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5279
21
reference_url https://access.redhat.com/errata/RHSA-2024:5389
reference_id RHSA-2024:5389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5389
22
reference_url https://access.redhat.com/errata/RHSA-2024:5530
reference_id RHSA-2024:5530
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5530
23
reference_url https://access.redhat.com/errata/RHSA-2024:5531
reference_id RHSA-2024:5531
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5531
24
reference_url https://access.redhat.com/errata/RHSA-2024:5532
reference_id RHSA-2024:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5532
25
reference_url https://access.redhat.com/errata/RHSA-2024:5533
reference_id RHSA-2024:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5533
26
reference_url https://access.redhat.com/errata/RHSA-2024:5534
reference_id RHSA-2024:5534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5534
27
reference_url https://access.redhat.com/errata/RHSA-2024:5962
reference_id RHSA-2024:5962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5962
28
reference_url https://access.redhat.com/errata/RHSA-2024:6220
reference_id RHSA-2024:6220
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6220
29
reference_url https://access.redhat.com/errata/RHSA-2024:6309
reference_id RHSA-2024:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6309
30
reference_url https://access.redhat.com/errata/RHSA-2024:6311
reference_id RHSA-2024:6311
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6311
31
reference_url https://access.redhat.com/errata/RHSA-2024:6312
reference_id RHSA-2024:6312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6312
32
reference_url https://access.redhat.com/errata/RHSA-2024:6488
reference_id RHSA-2024:6488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6488
33
reference_url https://access.redhat.com/errata/RHSA-2024:6611
reference_id RHSA-2024:6611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6611
34
reference_url https://access.redhat.com/errata/RHSA-2024:6612
reference_id RHSA-2024:6612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6612
35
reference_url https://access.redhat.com/errata/RHSA-2024:6661
reference_id RHSA-2024:6661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6661
36
reference_url https://access.redhat.com/errata/RHSA-2024:6662
reference_id RHSA-2024:6662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6662
37
reference_url https://access.redhat.com/errata/RHSA-2024:6667
reference_id RHSA-2024:6667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6667
38
reference_url https://access.redhat.com/errata/RHSA-2024:6726
reference_id RHSA-2024:6726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6726
39
reference_url https://access.redhat.com/errata/RHSA-2024:6907
reference_id RHSA-2024:6907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6907
40
reference_url https://access.redhat.com/errata/RHSA-2024:7213
reference_id RHSA-2024:7213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7213
41
reference_url https://access.redhat.com/errata/RHSA-2024:7374
reference_id RHSA-2024:7374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7374
42
reference_url https://access.redhat.com/errata/RHSA-2024:8168
reference_id RHSA-2024:8168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8168
43
reference_url https://access.redhat.com/errata/RHSA-2024:8170
reference_id RHSA-2024:8170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8170
44
reference_url https://access.redhat.com/errata/RHSA-2024:8171
reference_id RHSA-2024:8171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8171
45
reference_url https://access.redhat.com/errata/RHSA-2024:8172
reference_id RHSA-2024:8172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8172
46
reference_url https://access.redhat.com/errata/RHSA-2024:8173
reference_id RHSA-2024:8173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8173
47
reference_url https://access.redhat.com/errata/RHSA-2024:8179
reference_id RHSA-2024:8179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8179
48
reference_url https://usn.ubuntu.com/7002-1/
reference_id USN-7002-1
reference_type
scores
url https://usn.ubuntu.com/7002-1/
fixed_packages
0
url pkg:apk/alpine/py3-setuptools@70.3.0-r0?arch=aarch64&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/py3-setuptools@70.3.0-r0?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-setuptools@70.3.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=main
aliases CVE-2024-6345, GHSA-cx63-2mw6-8hw5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qt3x-msd9-tyct
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/py3-setuptools@70.3.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=main