CVE-2022-40897

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-40897

Severity

5.9

Medium

CVSS V3

Description

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

References

https://images.chainguard.dev/security/CGA-x3hv-8fr7-c36f
https://github.com/advisories/GHSA-r9hx-vwmv-q579
https://images.chainguard.dev/security/CGA-m8xg-mp9m-vv53
https://images.chainguard.dev/security/CGA-p8qx-6mm9-42fc
https://images.chainguard.dev/security/CGA-pr8m-w2c3-jgf2
https://images.chainguard.dev/security/CGA-hwrr-cmcx-vm99
https://images.chainguard.dev/security/CGA-3rvp-j9gw-jj96
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/
https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html
https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
https://security.netapp.com/advisory/ntap-20230214-0001/
https://security.netapp.com/advisory/ntap-20240621-0006/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2022-40897

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company