Lucene search

K

[email protected]NVD:CVE-2022-40897

HistoryDec 23, 2022 - 12:15 a.m.

CVE-2022-40897

2022-12-2300:15:13

CWE-1333

[email protected]

web.nvd.nist.gov

setuptools

vulnerability

denial of service

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

77.5%

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Affected configurations

NVD

Node

pythonsetuptoolsRange<65.5.1

References

github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200

github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be

github.com/pypa/setuptools/compare/v65.5.0...v65.5.1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/

pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

pyup.io/vulnerabilities/CVE-2022-40897/52495/

security.netapp.com/advisory/ntap-20230214-0001/

security.netapp.com/advisory/ntap-20240621-0006/

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

77.5%

Related for NVD:CVE-2022-40897