[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-6345":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":63,"duplicate_of":9,"upstream":66,"downstream":67,"duplicates":168,"related":169,"reserved_at":9,"published_at":230,"modified_at":231,"state":232,"summary":233,"references_raw":242,"kevs":272,"epss":273,"epss_history":276,"metrics":541,"affected":555},"CVE-2024-6345","A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[64,65],"GHSA-cx63-2mw6-8hw5","BIT-setuptools-2024-6345",[],[68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166],{"_key":69},"ALPINE-CVE-2024-6345",{"_key":71},"SUSE-SU-2024:2899-1",{"_key":73},"SUSE-SU-2024:2900-1",{"_key":75},"SUSE-SU-2024:2950-1",{"_key":77},"SUSE-SU-2024:4020-1",{"_key":79},"SUSE-SU-2024:4021-1",{"_key":81},"SUSE-SU-2024:4029-1",{"_key":83},"UBUNTU-CVE-2024-6345",{"_key":85},"SUSE-SU-2024:2904-1",{"_key":87},"SUSE-SU-2024:2906-1",{"_key":89},"SUSE-SU-2024:2907-1",{"_key":91},"SUSE-SU-2024:3054-1",{"_key":93},"SUSE-SU-2024:3055-1",{"_key":95},"OPENSUSE-SU-2024:14294-1",{"_key":97},"DLA-3876-1",{"_key":99},"SUSE-SU-2025:20053-1",{"_key":101},"MGASA-2025-0056",{"_key":103},"DEBIAN-CVE-2024-6345",{"_key":105},"USN-7002-1",{"_key":107},"RHSA-2024:5000",{"_key":109},"RHSA-2024:5002",{"_key":111},"RHSA-2024:5040",{"_key":113},"RHSA-2024:5078",{"_key":115},"RHSA-2024:5084",{"_key":117},"RHSA-2024:5137",{"_key":119},"RHSA-2024:5279",{"_key":121},"RHSA-2024:5389",{"_key":123},"RHSA-2024:5530",{"_key":125},"RHSA-2024:5531",{"_key":127},"RHSA-2024:5532",{"_key":129},"RHSA-2024:5533",{"_key":131},"RHSA-2024:5534",{"_key":133},"RHSA-2024:5962",{"_key":135},"RHSA-2024:6220",{"_key":137},"RHSA-2024:6309",{"_key":139},"RHSA-2024:6311",{"_key":141},"RHSA-2024:6312",{"_key":143},"RHSA-2024:6488",{"_key":145},"RHSA-2024:6611",{"_key":147},"RHSA-2024:6612",{"_key":149},"RHSA-2024:6661",{"_key":151},"RHSA-2024:6662",{"_key":153},"RHSA-2024:6726",{"_key":155},"RHSA-2024:6907",{"_key":157},"RHSA-2024:8168",{"_key":159},"RHSA-2024:8170",{"_key":161},"RHSA-2024:8171",{"_key":163},"RHSA-2024:8172",{"_key":165},"RHSA-2024:8173",{"_key":167},"RHSA-2024:8179",[],[170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228],{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":99},{"_key":101},{"_key":185},"CGA-374G-F8MR-WHVM",{"_key":187},"CGA-47W3-WFG8-56WR",{"_key":189},"CGA-4J9R-79J7-HXH9",{"_key":191},"CGA-4MW5-XQPJ-Q4MQ",{"_key":193},"CGA-5J79-5G3G-JM38",{"_key":195},"CGA-6593-4Q8P-CHRG",{"_key":197},"CGA-7459-PG82-VM6J",{"_key":199},"CGA-C5CF-23GJ-CCMF",{"_key":201},"CGA-C79M-39CV-2J6G",{"_key":203},"CGA-C7Q2-88VR-25F8",{"_key":205},"CGA-F2P4-HWHX-72XC",{"_key":207},"CGA-FCF7-4J9R-W6PF",{"_key":209},"CGA-G9JJ-R4G7-867C",{"_key":211},"CGA-H2W5-6W87-GR4V",{"_key":213},"CGA-H655-78W4-797J",{"_key":215},"CGA-P377-VW6X-C695",{"_key":217},"CGA-QMJX-GWCV-4P8X",{"_key":219},"CGA-RJMX-VQFQ-F7RH",{"_key":221},"CGA-WF6C-8HP6-46FV",{"_key":223},"CGA-WVX6-P8CC-2629",{"_key":225},"CGA-X22R-FP37-7VH6",{"_key":227},"CGA-XRQ9-4HFH-G5JH",{"_key":229},"CGA-QX5J-77CF-CV77","2024-07-15T00:00:14.545Z","2025-11-04T16:15:51.183Z","Deferred",{"cisa_kev":234,"cisa_ransomware":234,"cisa_vendor":9,"epss_severity":235,"epss_score":236,"severity":237,"severity_score":238,"severity_version":239,"severity_source":240,"severity_vector":241,"severity_status":232},false,"low",0.07521,"high",8.8,"v3.0","cve.org","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[243,250,254,258,263,267],{"url":244,"sources":245,"tags":248},"https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",[240,246,247],"nvd","osv_pypi",[249],"WEB",{"url":251,"sources":252,"tags":253},"https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",[240,246,247],[249],{"url":255,"sources":256,"tags":257},"https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html",[240,246,247],[249],{"url":259,"sources":260,"tags":261},"https://nvd.nist.gov/vuln/detail/CVE-2024-6345",[247],[262],"Advisory",{"url":264,"sources":265,"tags":266},"https://github.com/pypa/setuptools/pull/4332",[247],[249],{"url":268,"sources":269,"tags":270},"https://github.com/pypa/setuptools",[247],[271],"PACKAGE",[],{"date":274,"score":236,"percentile":275},"2026-06-04",0.91951,[277,281,285,288,290,294,297,300,303,306,309,312,315,317,319,323,326,329,333,336,338,341,344,347,350,353,356,359,362,365,368,370,373,376,379,381,384,387,390,393,396,399,402,404,407,410,413,416,419,421,424,427,430,433,436,439,441,444,447,450,453,456,458,461,464,467,470,473,476,479,482,485,488,490,493,496,499,502,505,507,510,514,517,520,523,526,530,533,536,538],{"date":278,"score":279,"percentile":280},"2025-11-04",0.04688,0.88841,{"date":282,"score":283,"percentile":284},"2025-11-05",0.04801,0.88983,{"date":286,"score":283,"percentile":287},"2025-11-06",0.88976,{"date":289,"score":283,"percentile":284},"2025-11-07",{"date":291,"score":292,"percentile":293},"2025-11-08",0.04814,0.88999,{"date":295,"score":292,"percentile":296},"2025-11-09",0.88996,{"date":298,"score":292,"percentile":299},"2025-11-10",0.88993,{"date":301,"score":292,"percentile":302},"2025-11-11",0.88995,{"date":304,"score":292,"percentile":305},"2025-11-12",0.89001,{"date":307,"score":292,"percentile":308},"2025-11-13",0.89007,{"date":310,"score":292,"percentile":311},"2025-11-14",0.89009,{"date":313,"score":292,"percentile":314},"2025-11-15",0.89005,{"date":316,"score":292,"percentile":311},"2025-11-16",{"date":318,"score":292,"percentile":308},"2025-11-17",{"date":320,"score":321,"percentile":322},"2025-11-18",0.01451,0.79132,{"date":324,"score":321,"percentile":325},"2025-11-19",0.79137,{"date":327,"score":321,"percentile":328},"2025-11-20",0.79143,{"date":330,"score":331,"percentile":332},"2025-11-21",0.0494,0.89155,{"date":334,"score":331,"percentile":335},"2025-11-22",0.89156,{"date":337,"score":331,"percentile":335},"2025-11-23",{"date":339,"score":331,"percentile":340},"2025-11-24",0.89158,{"date":342,"score":292,"percentile":343},"2025-11-25",0.89028,{"date":345,"score":292,"percentile":346},"2025-11-26",0.89025,{"date":348,"score":292,"percentile":349},"2025-11-27",0.89027,{"date":351,"score":292,"percentile":352},"2025-11-28",0.8902,{"date":354,"score":292,"percentile":355},"2025-11-29",0.8909,{"date":357,"score":292,"percentile":358},"2025-11-30",0.89088,{"date":360,"score":292,"percentile":361},"2025-12-01",0.89147,{"date":363,"score":292,"percentile":364},"2025-12-02",0.89149,{"date":366,"score":292,"percentile":367},"2025-12-03",0.89148,{"date":369,"score":292,"percentile":358},"2025-12-04",{"date":371,"score":292,"percentile":372},"2025-12-05",0.89087,{"date":374,"score":292,"percentile":375},"2025-12-06",0.89086,{"date":377,"score":292,"percentile":378},"2025-12-07",0.89085,{"date":380,"score":292,"percentile":378},"2025-12-08",{"date":382,"score":292,"percentile":383},"2025-12-09",0.89091,{"date":385,"score":292,"percentile":386},"2025-12-10",0.89108,{"date":388,"score":292,"percentile":389},"2025-12-11",0.89109,{"date":391,"score":292,"percentile":392},"2025-12-12",0.89112,{"date":394,"score":292,"percentile":395},"2025-12-13",0.89113,{"date":397,"score":292,"percentile":398},"2025-12-14",0.89114,{"date":400,"score":292,"percentile":401},"2025-12-15",0.89116,{"date":403,"score":292,"percentile":401},"2025-12-16",{"date":405,"score":292,"percentile":406},"2025-12-17",0.8912,{"date":408,"score":331,"percentile":409},"2025-12-18",0.89265,{"date":411,"score":331,"percentile":412},"2025-12-19",0.89266,{"date":414,"score":331,"percentile":415},"2025-12-20",0.89264,{"date":417,"score":331,"percentile":418},"2025-12-21",0.89272,{"date":420,"score":331,"percentile":418},"2025-12-22",{"date":422,"score":331,"percentile":423},"2025-12-23",0.89275,{"date":425,"score":331,"percentile":426},"2025-12-24",0.89281,{"date":428,"score":331,"percentile":429},"2025-12-25",0.89292,{"date":431,"score":331,"percentile":432},"2025-12-26",0.8929,{"date":434,"score":331,"percentile":435},"2025-12-27",0.89337,{"date":437,"score":331,"percentile":438},"2025-12-28",0.89285,{"date":440,"score":331,"percentile":426},"2025-12-29",{"date":442,"score":331,"percentile":443},"2025-12-30",0.89288,{"date":445,"score":331,"percentile":446},"2025-12-31",0.89295,{"date":448,"score":331,"percentile":449},"2026-01-01",0.89367,{"date":451,"score":331,"percentile":452},"2026-01-02",0.8936,{"date":454,"score":331,"percentile":455},"2026-01-03",0.89359,{"date":457,"score":331,"percentile":446},"2026-01-04",{"date":459,"score":331,"percentile":460},"2026-01-05",0.89293,{"date":462,"score":292,"percentile":463},"2026-01-06",0.89161,{"date":465,"score":292,"percentile":466},"2026-01-07",0.89163,{"date":468,"score":292,"percentile":469},"2026-01-08",0.89169,{"date":471,"score":292,"percentile":472},"2026-01-09",0.89173,{"date":474,"score":292,"percentile":475},"2026-01-10",0.89174,{"date":477,"score":292,"percentile":478},"2026-01-11",0.89166,{"date":480,"score":292,"percentile":481},"2026-01-12",0.89164,{"date":483,"score":292,"percentile":484},"2026-01-13",0.89162,{"date":486,"score":292,"percentile":487},"2026-01-14",0.89176,{"date":489,"score":292,"percentile":487},"2026-01-15",{"date":491,"score":292,"percentile":492},"2026-01-16",0.89182,{"date":494,"score":292,"percentile":495},"2026-01-17",0.89185,{"date":497,"score":292,"percentile":498},"2026-01-18",0.89183,{"date":500,"score":292,"percentile":501},"2026-01-19",0.89178,{"date":503,"score":292,"percentile":504},"2026-01-20",0.8918,{"date":506,"score":292,"percentile":495},"2026-01-21",{"date":508,"score":292,"percentile":509},"2026-01-22",0.89189,{"date":511,"score":512,"percentile":513},"2026-01-23",0.0638,0.90741,{"date":515,"score":512,"percentile":516},"2026-01-24",0.90749,{"date":518,"score":512,"percentile":519},"2026-01-25",0.9075,{"date":521,"score":512,"percentile":522},"2026-01-26",0.90751,{"date":524,"score":512,"percentile":525},"2026-01-27",0.90754,{"date":527,"score":528,"percentile":529},"2026-01-28",0.06543,0.9089,{"date":531,"score":528,"percentile":532},"2026-01-29",0.90891,{"date":534,"score":528,"percentile":535},"2026-01-30",0.90889,{"date":537,"score":528,"percentile":532},"2026-01-31",{"date":539,"score":528,"percentile":540},"2026-02-01",0.90947,[542,547,549],{"source":240,"cvss_v2_0":9,"cvss_v3_0":543,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":238,"baseSeverity":544,"vectorString":241,"impactScore":545,"exploitabilityScore":546},"HIGH",9.8,7.2,{"source":246,"cvss_v2_0":9,"cvss_v3_0":548,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":238,"baseSeverity":544,"vectorString":241,"impactScore":545,"exploitabilityScore":546},{"source":247,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":550,"cvss_v4_0":552},{"baseScore":238,"baseSeverity":9,"vectorString":551,"impactScore":545,"exploitabilityScore":546},"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",{"baseScore":553,"baseSeverity":9,"vectorString":554,"impactScore":9,"exploitabilityScore":9},7.5,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[556,568],{"ecosystem":9,"name":557,"vendor":558,"product":557,"cpe_part":559,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":560},"pypa/setuptools","pypa","a",[561],{"version":562,"is_range":563,"range_type":240,"version_start":564,"version_start_type":565,"version_end":566,"version_end_type":567,"fixed_in":9},">= unspecified, \u003C 70.0",true,"unspecified","including","70.0","excluding",{"ecosystem":569,"name":570,"vendor":569,"product":570,"cpe_part":9,"purl_type":571,"purl_namespace":9,"purl_name":570,"source":9,"versions":572},"PyPI","setuptools","pypi",[573],{"version":574,"is_range":563,"range_type":575,"version_start":9,"version_start_type":9,"version_end":576,"version_end_type":567,"fixed_in":9},"lt70_0_0","ecosystem","70.0.0"]