FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-setuptools -- denial of service vulnerability

Affected packages
py39-setuptools < 44.1.1_1
57.0.0 <= py39-setuptools < 58.5.3_3
62.1.0 <= py39-setuptools < 63.1.0_1

Details

VuXML ID 1b38aec4-4149-4c7d-851c-3c4de3a1fbd0
Discovery 2022-12-23
Entry 2023-04-09

SCH227 reports:

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects.

Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`.

This has been patched in version 65.5.1. The patch backported to the revision 63.1.0_1.

[source]

References

CVE Name CVE-2022-40897
URL https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.