Safety CI > aguiardafa/projeto-base-stack-django

pyup-scheduled-update-2025-05-12

3 weeks, 5 days ago

dea16741

Update setuptools from 80.3.1 to 80.4.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-05-12

3 weeks, 5 days ago

cd35953c

Update django from 5.2 to 5.2.1

No dependencies with known security vulnerabilities.

main

1 month ago

7013a9e0

Merge pull request #171 from aguiardafa/pyup-scheduled-update-2025-05-05 Scheduled weekly dependenc

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-05-05

1 month ago

f626d14d

Update typing-extensions from 4.12.2 to 4.13.2

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-05-05

1 month ago

596bc2de

Update sqlparse from 0.5.2 to 0.5.3

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-05-05

1 month ago

b9ac70ac

Update pyflakes from 3.2.0 to 3.3.2

setuptools 75.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
setuptools	75.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.
setuptools	75.5.0	<78.1.1	show Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

Package

Installed

Affected

Info

setuptools

75.5.0

<78.1.1

show

Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

setuptools

75.5.0

<78.1.1

show

Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

pyup-scheduled-update-2025-05-05

1 month ago

3510995e

Update setuptools from 75.5.0 to 80.3.1

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-05-05

1 month ago

73b86445

Update pycodestyle from 2.12.1 to 2.13.0

setuptools 75.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
setuptools	75.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.
setuptools	75.5.0	<78.1.1	show Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

Package

Installed

Affected

Info

setuptools

75.5.0

<78.1.1

show

Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

setuptools

75.5.0

<78.1.1

show

Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

pyup-scheduled-update-2025-05-05

1 month ago

c5d8883f

Update pillow from 11.0.0 to 11.2.1

setuptools 75.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
setuptools	75.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.
setuptools	75.5.0	<78.1.1	show Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

Package

Installed

Affected

Info

setuptools

75.5.0

<78.1.1

show

Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

setuptools

75.5.0

<78.1.1

show

Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

pyup-scheduled-update-2025-05-05

1 month ago

4b5a5055

Update flake8 from 7.1.1 to 7.2.0

setuptools 75.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
setuptools	75.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.
setuptools	75.5.0	<78.1.1	show Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

Package

Installed

Affected

Info

setuptools

75.5.0

<78.1.1

show

Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

setuptools

75.5.0

<78.1.1

show

Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

pyup-scheduled-update-2025-05-05

1 month ago

3bc8f11f

Update django-storages from 1.14.4 to 1.14.6

setuptools 75.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
setuptools	75.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.
setuptools	75.5.0	<78.1.1	show Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

Package

Installed

Affected

Info

setuptools

75.5.0

<78.1.1

show

Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

setuptools

75.5.0

<78.1.1

show

Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

pyup-scheduled-update-2025-05-05

1 month ago

5ff64928

Update django from 5.1.3 to 5.2

setuptools 75.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
setuptools	75.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.
setuptools	75.5.0	<78.1.1	show Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

Package

Installed

Affected

Info

setuptools

75.5.0

<78.1.1

show

Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

setuptools

75.5.0

<78.1.1

show

Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

pyup-scheduled-update-2025-04-28

1 month, 1 week ago

0f8bb6ce

Update sqlparse from 0.5.2 to 0.5.3

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-04-28

1 month, 1 week ago

ed024ceb

Update setuptools from 75.5.0 to 80.0.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-04-28

1 month, 1 week ago

bc8ddba3

Update pycodestyle from 2.12.1 to 2.13.0

setuptools 75.5.0 has known security vulnerabilities.

Package	Installed	Affected	Info
setuptools	75.5.0	<78.1.1	show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.
setuptools	75.5.0	<78.1.1	show Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.

Package

Installed

Affected

Info

setuptools

75.5.0

<78.1.1

show

Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context.

setuptools

75.5.0

<78.1.1

show

Affected versions of setuptools ≤ 69.1.1 are vulnerable to path traversal and command injection in the package_index module’s download functions (CVE-2024-6345), allowing arbitrary file writes and remote code execution via crafted URLs. Vulnerable function: _resolve_download_filename fails to enforce tmpdir boundaries.