A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
Metrics
Affected Vendors & Products
References
History
Sat, 14 Sep 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat openshift Devspaces
Redhat rhel Els |
|
CPEs | cpe:/a:redhat:openshift_devspaces:3::el8 cpe:/o:redhat:rhel_els:7 |
|
Vendors & Products |
Redhat openshift Devspaces
Redhat rhel Els |
Thu, 12 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_e4s:9.0 |
Mon, 09 Sep 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_tus:8.4 |
Fri, 06 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:8::highavailability cpe:/a:redhat:enterprise_linux:8::resilientstorage cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_tus:8.6 |
Mon, 19 Aug 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
Fri, 16 Aug 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat enterprise Linux
|
|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:rhel_e4s:9.0 |
|
Vendors & Products |
Redhat enterprise Linux
|
Thu, 08 Aug 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:rhel_eus:9.2 |
Wed, 07 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_tus:8.4 |
Wed, 07 Aug 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Aus
Redhat rhel E4s Redhat rhel Tus |
|
CPEs | cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_tus:8.6 |
|
Vendors & Products |
Redhat rhel Aus
Redhat rhel E4s Redhat rhel Tus |
Tue, 06 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat rhel Eus |
|
CPEs | cpe:/a:redhat:rhel_eus:8.8 cpe:/o:redhat:rhel_eus:8.8 |
|
Vendors & Products |
Redhat
Redhat rhel Eus |
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-07-15T00:00:14.545Z
Updated: 2024-08-01T21:33:05.517Z
Reserved: 2024-06-26T08:16:17.895Z
Link: CVE-2024-6345
Vulnrichment
Updated: 2024-08-01T21:33:05.517Z
NVD
Status : Awaiting Analysis
Published: 2024-07-15T01:15:01.730
Modified: 2024-07-15T13:00:34.853
Link: CVE-2024-6345
Redhat