CLSA-2025-1765801059

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765801059.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1765801059
Upstream
Published
2025-12-15T12:17:43Z
Modified
2026-06-01T00:31:29.500221794Z
Summary
python-setuptools: Fix of 2 CVEs
Details
  • CVE-2024-6345: fix code injection vulnerability in package download functions
  • CVE-2025-47273: fix path traversal in PackageIndex.download leading to arbitrary file write
References

Affected packages

TuxCare:AlmaLinux:9.2 / python3-setuptools

Package

Name
python3-setuptools
Purl
pkg:rpm/tuxcare/python3-setuptools?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
53.0.0-12.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765801059.json"

TuxCare:AlmaLinux:9.2 / python3-setuptools-wheel

Package

Name
python3-setuptools-wheel
Purl
pkg:rpm/tuxcare/python3-setuptools-wheel?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
53.0.0-12.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1765801059.json"