CVE-2022-40897

Published December 23rd, 2022

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

pypa/setuptools

Official project repository for the Setuptools build system

GitHub

2.83K