CVE-2022-40897
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-40897
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40897.json
- Aliases
- Related
- Published
- 2022-12-23T00:15:13Z
- Modified
- 2023-12-06T01:02:35.662444Z
- Details
-
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
- References
-
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://security.netapp.com/advisory/ntap-20230214-0001/
- https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
- https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
- https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/
- https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
Affected packages
Git / github.com/pypa/setuptools
Affected versions
0.*
0.6
0.6.1
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.17
0.6.18
0.6.19
0.6.2
0.6.20
0.6.21
0.6.23
0.6.24
0.6.25
0.6.26
0.6.27
0.6.28
0.6.29
0.6.3
0.6.30
0.6.31
0.6.32
0.6.33
0.6.34
0.6.35
0.6.36
0.6.37
0.6.38
0.6.39
0.6.4
0.6.40
0.6.41
0.6.42
0.6.43
0.6.44
0.6.45
0.6.46
0.6.47
0.6.48
0.6.49
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7b1
0.7b2
0.7b3
0.7b4
0.8
0.8b1
0.8b2
0.8b3
0.8b4
0.8b5
0.8b6
0.8b7
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
1.*
1.0
1.0b1
1.0b2
1.0b3
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.2
1.2b1
1.3
1.3.1
1.3.2
1.4
1.4.1
1.4.2
1.4b1
10.*
10.0
10.0.1
10.1
10.2
10.2.1
11.*
11.0
11.1
11.2
11.3
11.3.1
12.*
12.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5
12.1
12.2
12.3
12.4
13.*
13.0
13.0.1
13.0.2
14.*
14.0
14.1
14.1.1
14.2
14.3
14.3.1
15.*
15.0
15.0b1
15.1
15.2
16.*
16.0
17.*
17.0
17.1
17.1.1
18.*
18.0
18.0.1
18.0b1
18.1
18.2
18.3
18.3.1
18.3.2
18.4
18.5
18.6
18.6.1
18.7
18.7.1
18.8
18.8.1
19.*
19.0
19.1
19.1.1
19.2
19.3
19.3b1
19.4
19.4.1
19.5
19.6
19.6.1
19.6.2
19.6b1
19.7
2.*
2.0
2.0.1
2.0.2
2.1
2.1.1
2.1.2
2.2
2.2b1
20.*
20.0
20.1
20.1.1
20.2
20.2.1
20.2.2
20.3
20.3.1
20.4
20.5
25.*
25.1.2
3.*
3.0
3.0.1
3.0.2
3.0b1
3.1
3.2
3.3
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.5
3.5.1
3.5.2
3.6
3.7
3.7.1
3.7b1
3.8
3.8.1
38.*
38.2.5
4.*
4.0b1
5.*
5.0
5.0.1
5.0.2
5.1
5.2
5.3
5.4
5.4.1
5.4.2
5.5
5.5.1
5.6
5.7
5.8
6.*
6.0
6.0.1
6.0.2
6.0.2b1
6.1
7.*
7.0
7.0b1
8.*
8.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0b1
8.1
8.1b1
8.2
8.2.1
8.3
8.4
9.*
9.0
9.0.1
9.0b1
9.1
Other
archive/bootstrap-py24
archive/distribute
v20.*
v20.10.0
v20.10.1
v20.6.0
v20.6.1
v20.6.2
v20.6.3
v20.6.4
v20.6.5
v20.6.6
v20.6.7
v20.6.8
v20.7.0
v20.8.0
v20.8.1
v20.9.0
v21.*
v21.0.0
v21.1.0
v21.2.0
v21.2.1
v21.2.2
v22.*
v22.0.0
v22.0.1
v22.0.2
v22.0.3
v22.0.4
v22.0.5
v23.*
v23.0.0
v23.1.0
v23.2.0
v23.2.1
v24.*
v24.0.0
v24.0.1
v24.0.2
v24.0.3
v24.1.0
v24.1.1
v24.2.0
v24.2.1
v24.3.0
v24.3.1
v25.*
v25.0.0
v25.0.1
v25.0.2
v25.1.0
v25.1.1
v25.1.2
v25.1.3
v25.1.4
v25.1.5
v25.1.6
v25.2.0
v25.3.0
v25.4.0
v26.*
v26.0.0
v26.1.0
v26.1.1
v27.*
v27.0.0
v27.1.0
v27.1.1
v27.1.2
v27.2.0
v27.3.0
v27.3.1
v28.*
v28.0.0
v28.1.0
v28.1.0b1
v28.2.0b1
v28.3.0
v28.4.0
v28.5.0
v28.6.0
v28.6.1
v28.7.0
v28.7.1
v28.8.0
v29.*
v29.0.0
v29.0.1
v30.*
v30.0.0
v30.1.0
v30.2.0
v30.2.1
v30.3.0
v30.4.0
v31.*
v31.0.0
v31.0.1
v32.*
v32.0.0
v32.1.0
v32.1.1
v32.1.2
v32.1.3
v32.2.0
v32.3.0
v32.3.1
v33.*
v33.0.0
v33.1.0
v33.1.1
v34.*
v34.0.0
v34.0.1
v34.0.2
v34.0.3
v34.1.0
v34.1.1
v34.2.0
v34.3.0
v34.3.1
v34.3.2
v34.3.3
v34.4.0
v34.4.1
v35.*
v35.0.0
v35.0.1
v35.0.2
v36.*
v36.0.0
v36.0.1
v36.1.0
v36.1.1
v36.2.0
v36.2.1
v36.2.2
v36.2.3
v36.2.4
v36.2.5
v36.2.6
v36.2.7
v36.3.0
v36.4.0
v36.5.0
v36.6.0
v36.6.1
v36.7.0
v36.7.1
v36.7.2
v36.7.3
v36.8.0
v37.*
v37.0.0
v38.*
v38.0.0
v38.1.0
v38.2.0
v38.2.1
v38.2.2
v38.2.3
v38.2.4
v38.3.0
v38.4.0
v38.4.1
v38.5.0
v38.5.1
v38.5.2
v38.6.0
v38.6.1
v38.7.0
v39.*
v39.0.0
v39.0.1
v39.1.0
v39.2.0
v40.*
v40.0.0
v40.1.0
v40.1.1
v40.2.0
v40.3.0
v40.4.0
v40.4.1
v40.4.2
v40.4.3
v40.5.0
v40.6.0
v40.6.1
v40.6.2
v40.6.3
v40.7.0
v40.7.1
v40.7.2
v40.7.3
v40.8.0
v40.9.0
v41.*
v41.0.0
v41.0.1
v41.1.0
v41.2.0
v41.3.0
v41.4.0
v41.5.0
v41.5.1
v41.6.0
v42.*
v42.0.0
v42.0.1
v42.0.2
v43.*
v43.0.0
v44.*
v44.0.0
v44.1.0
v44.1.1
v45.*
v45.0.0
v45.1.0
v45.2.0
v45.3.0
v46.*
v46.0.0
v46.1.0
v46.1.1
v46.1.2
v46.1.3
v46.2.0
v46.3.0
v46.3.1
v46.4.0
v47.*
v47.0.0
v47.1.0
v47.1.1
v47.2.0
v47.3.0
v47.3.1
v47.3.2
v48.*
v48.0.0
v49.*
v49.0.0
v49.0.1
v49.1.0
v49.1.1
v49.1.2
v49.1.3
v49.2.0
v49.2.1
v49.3.0
v49.3.1
v49.3.2
v49.4.0
v49.5.0
v49.6.0
v50.*
v50.0.0
v50.0.1
v50.0.2
v50.0.3
v50.1.0
v50.2.0
v50.3.0
v50.3.1
v50.3.2
v51.*
v51.0.0
v51.1.0
v51.1.1
v51.1.2
v51.2.0
v51.3.0
v51.3.1
v51.3.2
v51.3.3
v52.*
v52.0.0
v53.*
v53.0.0
v53.1.0
v54.*
v54.0.0
v54.1.0
v54.1.1
v54.1.2
v54.1.3
v54.2.0
v55.*
v55.0.0
v56.*
v56.0.0
v56.1.0
v56.2.0
v57.*
v57.0.0
v57.1.0
v57.2.0
v57.3.0
v57.4.0
v57.5.0
v58.*
v58.0.0
v58.0.1
v58.0.2
v58.0.3
v58.0.4
v58.1.0
v58.2.0
v58.3.0
v58.4.0
v58.5.0
v58.5.1
v58.5.2
v58.5.3
v59.*
v59.0.0
v59.0.1
v59.1.0
v59.1.1
v59.2.0
v59.3.0
v59.4.0
v59.5.0
v59.6.0
v59.7.0
v59.8.0
v60.*
v60.0.0
v60.0.1
v60.0.2
v60.0.3
v60.0.4
v60.0.5
v60.1.0
v60.1.1
v60.10.0
v60.2.0
v60.3.0
v60.3.1
v60.4.0
v60.5.0
v60.5.1
v60.5.2
v60.5.3
v60.5.4
v60.6.0
v60.7.0
v60.7.1
v60.8.0
v60.8.1
v60.8.2
v60.9.0
v60.9.1
v60.9.2
v60.9.3
v61.*
v61.0.0
v61.1.0
v61.1.1
v61.2.0
v61.3.0
v61.3.1
v62.*
v62.0.0
v62.1.0
v62.2.0
v62.3.0
v62.3.1
v62.3.2
v62.3.3
v62.3.4
v62.4.0
v62.5.0
v62.6.0
v63.*
v63.0.0
v63.0.0b1
v63.1.0
v63.2.0
v63.3.0
v63.4.0
v63.4.1
v63.4.2
v63.4.3
v64.*
v64.0.0
v64.0.0b1
v64.0.1
v64.0.2
v64.0.3
v65.*
v65.0.0
v65.0.1
v65.0.2
v65.1.0
v65.1.1
v65.2.0
v65.3.0
v65.4.0
v65.4.1
v65.5.0