Advisories for Pypi/Multicast package

2025

multicast in source builds from vulnerable setuptools dependency

Some source-builds may be impacted by a CWE-1395 (eg. vulnerable setuptools dependency). Multicast prior to v2.0.9a3 on systems with minimal dependancies installed may use setuptools <78.1.1 and thus rely on a compromised dependency. In some cases there is a chance that source-builds would fail due to an exploit of the closely related CVE-2025-47273, or become arbitrarily modified.