Investigate vulnerability: setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
Issue created from vulnerability [12](https://labs.etsi.org/rep/ocf/capif/-/security/vulnerabilities/12)

### Description:

A path traversal vulnerability in `PackageIndex` was fixed in setuptools version 78.1.1

* Severity: high
* Location: [services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt](https://labs.etsi.org/rep/rep/ocf/capif/-/blob/e0aeae5bfbf96a27a90486a702b28d9f3621ce1c/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt)

### Solution:

Upgrade to version 78.1.1 or above.

### Identifiers:

* Gemnasium-dbdee1fb-22c9-4df5-878a-b913bafb9cf8
* [CVE-2025-47273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47273)
* [GHSA-5rjg-fvgr-3xxf](https://github.com/advisories/GHSA-5rjg-fvgr-3xxf)
* [CWE-22](https://cwe.mitre.org/data/definitions/22.html)
* [CWE-937](https://cwe.mitre.org/data/definitions/937.html)
* [CWE-1035](https://cwe.mitre.org/data/definitions/1035.html)

### Scanner:

* Name: gemnasium-python