CVE-2022-40898

wheel

on pypi

pypa/wheel

on github

Published

December 23, 2022

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

N/A

Description

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

References

https://pypi.org/project/wheel/
https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:wheel_project:wheel::::::python::*	n/a	0.38.1	*

External Links

NVD - CVE-2022-40898