Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Related bugs and status

CVE-2022-40897 (Candidate) is related to these bugs:

Bug #2048424: Multiple CVE's reported for stock Python

Summary				In	Importance	Status
	2048424	Multiple CVE's reported for stock Python		python-pip (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/pyp...
MISC: https://pyup.io/posts/...
CONFIRM: https://github.com/pyp...
MISC: https://github.com/pyp...
MISC: https://pyup.io/vulner...
CONFIRM: https://security.netap...
FEDORA: FEDORA-2023-9992b32c1f
FEDORA: FEDORA-2023-60e2b22be0
CONFIRM: https://security.netap...