FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py27-setuptools44 -- denial of service vulnerability

Affected packages
py27-setuptools44 < 65.5.1


VuXML ID 187ab98e-2953-4495-b379-4060bd4b75ee
Discovery 2022-12-23
Entry 2023-04-09

SCH227 reports:

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects.

Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`.

This has been patched in version 65.5.1.


CVE Name CVE-2022-40897