A path traversal vulnerability in PackageIndex was found in setuptools. An
attacker would be allowed to write files to arbitrary locations on the
filesystem with the permissions of the process running the Python code, which
could escalate to remote code execution depending on the context.
52.0.0-4+deb11u2