Ergonomic, hermetic, user-friendly software build system for Python, Go, Java, Kotlin, Protobuf, Scala, Shell. Pants lets you fearlessly scale up your codebase!

Pants

Hi folks! We HIGHLY recommend looking at <https://github.com/pantsbuild/pants/issues/21184> and taking immediate steps to mitigate, as suggested there. This is a remote code execution vulnerability in versions of setuptools including the default version Pants uses.

There are some POC attacks here: <https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5>

Some of them are a bit silly - if someone is running a malicious setup.py then they are already running code, so being able to exec via a URL hardly seems necessary. But a malicious package index is devious.