CVE-2024-6345

ADVISORY - github

Summary

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

EPSS Score⁠: 0.00043 (0.096)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - github

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - redhat

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

Impacted images

Advisories

NIST

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-6345⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

8.8high

GitHub

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDGHSA-cx63-2mw6-8hw5⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

8.8high

Alpine

CREATED

2 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-6345⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 months ago

UPDATED

3 days ago

ADVISORY IDCVE-2024-6345⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-6345⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

1 month ago

UPDATED

29 days ago

ADVISORY IDALSA-2024:5532⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

1 month ago

UPDATED

29 days ago

ADVISORY IDALSA-2024:5530⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

1 month ago

UPDATED

29 days ago

ADVISORY IDALSA-2024:5531⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

1 month ago

UPDATED

29 days ago

ADVISORY IDALSA-2024:5279⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

1 month ago

UPDATED

29 days ago

ADVISORY IDALSA-2024:5533⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

1 month ago

UPDATED

29 days ago

ADVISORY IDALSA-2024:5534⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

22 days ago

UPDATED

21 days ago

ADVISORY IDALSA-2024:5962⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

15 days ago

UPDATED

14 days ago

ADVISORY IDALSA-2024:6311⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

15 days ago

UPDATED

14 days ago

ADVISORY IDALSA-2024:6309⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

2 months ago

UPDATED

1 month ago

ADVISORY IDALAS2023-2024-676⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY IDALAS2-2024-2632⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

BIT-setuptools-2024-6345

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-6345⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

8.8high

Rocky

CREATED

28 days ago

UPDATED

27 days ago

ADVISORY IDRLSA-2024:5531⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

28 days ago

UPDATED

27 days ago

ADVISORY IDRLSA-2024:5532⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

28 days ago

UPDATED

27 days ago

ADVISORY IDRLSA-2024:5279⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

28 days ago

UPDATED

27 days ago

ADVISORY IDRLSA-2024:5530⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

28 days ago

UPDATED

27 days ago

ADVISORY IDRLSA-2024:5533⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2024-5279⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2024-5530⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2024-5532⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2024-5534⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDELSA-2024-5533⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

28 days ago

UPDATED

28 days ago

ADVISORY IDELSA-2024-5531⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

21 days ago

UPDATED

21 days ago

ADVISORY IDELSA-2024-5962⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY IDELSA-2024-6309⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY IDELSA-2024-6311⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDELSA-2024-6726⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-rjmx-vqfq-f7rh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-c79m-39cv-2j6g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-4mw5-xqpj-q4mq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-xrq9-4hfh-g5jh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-c5cf-23gj-ccmf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY