[Snyk] Security upgrade setuptools from 40.5.0 to 70.0.0

[madchap]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

• requirements.txt

⚠️ Warning

``` pyOpenSSL 24.1.0 has requirement cryptography<43,>=41.0.5, but you have cryptography 41.0.3. celery 5.3.0 requires kombu, which is not installed.

</details>





---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI1MGQwY2U5Ny0yNzg4LTQ0MDQtOTIxNy0zMmM0OWUzNGQ0N2YiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjUwZDBjZTk3LTI3ODgtNDQwNC05MjE3LTMyYzQ5ZTM0ZDQ3ZiJ9fQ==" width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/fred.blaise/project/3da93305-fd32-485a-bec3-829542f40e3d?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr)
📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project settings](https://app.snyk.io/org/fred.blaise/project/3da93305-fd32-485a-bec3-829542f40e3d?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings)
📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Improper Control of Generation of Code (&#x27;Code Injection&#x27;)](https://learn.snyk.io/lesson/malicious-code-injection/?loc&#x3D;fix-pr)

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"setuptools","from":"40.5.0","to":"70.0.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-PYTHON-SETUPTOOLS-7448482","priority_score":768,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Control of Generation of Code ('Code Injection')"}],"prId":"50d0ce97-2788-4404-9217-32c49e34d47f","prPublicId":"50d0ce97-2788-4404-9217-32c49e34d47f","packageManager":"pip","priorityScoreList":[768],"projectPublicId":"3da93305-fd32-485a-bec3-829542f40e3d","projectUrl":"https://app.snyk.io/org/fred.blaise/project/3da93305-fd32-485a-bec3-829542f40e3d?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-SETUPTOOLS-7448482"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

[secureflag-knowledge-base]

Server-Side Template Injection

Play Labs on this vulnerability with SecureFlag!

Description

Server-Side Template Injection (also referred to as SSTI) is a class of vulnerability related to an inappropriate usage of template engines and can be leveraged to potentially execute code on the system. SSTI attacks occur when instead of being passed in as data, user input is concatenated into a template. When an attacker embeds a malicious payload into a server-side executed template, this can result in the execution of remote code on the server.

Server side template engines are often used by web applications as a way of easily managing dynamic content in web pages and emails. They are particularly common in applications that offer rich functionality such as blogs, marketing applications, and content management systems. Safeguards in the form of sandboxes have been built by many template engines to counter this risk; however, attackers are often able to escape the template engine sandbox and access the underlying operating system.

Read more

Impact

SSTI vulnerabilities are usually scored with high severity given their propensity to end in full remote code execution. A malicious actor executing a successful SSTI attack could gain complete access to the application server by executing code in the template engine context and escaping the sandbox. This could lead to the complete compromise of the server, the application, and the underlying operating system.

Prevention

Developers must:

• Ensure that users are not enabled to submit or modify new templates.
• Use the template engine API as intended, ensuring the separation of logic and presentation where possible by passing dynamic data as a separate context argument of the rendering function.
• Never mix variables and template strings.

Testing

Verify that the application protects against template injection attacks by ensuring that any user input being included is sanitized or sandboxed.

• OWASP ASVS: 5.2.5
• OWASP Testing Guide: Testing for Server-Side Template Injection

View this in the SecureFlag Knowledge Base