Investigate vulnerability: setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

Issue created from vulnerability 12

Description:

A path traversal vulnerability in PackageIndex was fixed in setuptools version 78.1.1

• Severity: high
• Location: services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt

Solution:

Upgrade to version 78.1.1 or above.

Identifiers:

• Gemnasium-dbdee1fb-22c9-4df5-878a-b913bafb9cf8
• CVE-2025-47273
• GHSA-5rjg-fvgr-3xxf
• CWE-22
• CWE-937
• CWE-1035

Scanner:

• Name: gemnasium-python