.avif)
View all vulnerabilities
CVE-2022-40897
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
Description
Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
setuptools < 65.5.1
Severity
High
High
High
Ecosystem
Python
Publish Date
December 22, 2022
Modified Date
November 19, 2024