Undisclosed vulnerability #4331

Closed
4 of 5 tasks
jaraco opened this issue Apr 29, 2024 · 2 comments

jaraco commented Apr 29, 2024

On April 22, the Setuptools project received a report of a possible vulnerability through Tidelift. This issue tracks the repair and eventual disclosure of that vulnerability.

This issue affects deprecated portions of Setuptools and is not believed to affect the bulk of users, especially those reliant on modern packaging installers (e.g. pip).

Status:

  • reported
  • investigated
  • acknowledged and confirmed
  • CVE drafted
  • remediation committed and released

jaraco self-assigned this Apr 29, 2024

jaraco commented May 31, 2024

We've been tracking this issue on huntr.com and in this doc.

jaraco commented May 31, 2024

The issue was fixed in #4332.

jaraco closed this as completed May 31, 2024