Home > Vulnerability Database > CVE-2022-40897

Mend.io Vulnerability Database

CVE-2022-40897

Good to know:

Date: December 21, 2022

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Language: Python

Severity Score

5.9

Related Resources (24)

Url: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

Url: https://security.netapp.com/advisory/ntap-20230214-0001/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-40897

Url: https://github.com/pypa/setuptools

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H

Url: https://access.redhat.com/security/cve/CVE-2022-40897

Url: https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R

Url: https://github.com/pypa/setuptools/issues/3659

Url: https://setuptools.pypa.io/en/latest

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/

Url: https://pyup.io/vulnerabilities/CVE-2022-40897/52495

Url: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be

Url: https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1

Url: https://security.netapp.com/advisory/ntap-20240621-0006

Url: https://pyup.io/vulnerabilities/CVE-2022-40897/52495/

Url: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R

Url: https://security.netapp.com/advisory/ntap-20240621-0006/

Url: https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H

Url: https://security.netapp.com/advisory/ntap-20230214-0001

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/

Url: https://www.mend.io/vulnerability-database/CVE-2022-40897

Severity Score

5.9

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version setuptools - 65.5.1

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-40897

Good to know:

Date: December 21, 2022

Language: Python

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?