CVE-2022-40897

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-40897
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40897.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-40897
Aliases
Downstream
Related
Published
2022-12-23T00:15:13.987Z
Modified
2026-01-06T15:11:20.496574Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

References

Affected packages

Git / github.com/pypa/setuptools

Affected ranges

Type
GIT
Repo
https://github.com/pypa/setuptools
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
43a9c9bfa6aa626ec2a22540bea28d2ca77964be

Affected versions

0.*

0.6
0.6.1
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.17
0.6.18
0.6.19
0.6.2
0.6.20
0.6.21
0.6.23
0.6.24
0.6.25
0.6.26
0.6.27
0.6.28
0.6.29
0.6.3
0.6.30
0.6.31
0.6.32
0.6.33
0.6.34
0.6.35
0.6.36
0.6.37
0.6.38
0.6.39
0.6.4
0.6.40
0.6.41
0.6.42
0.6.43
0.6.44
0.6.45
0.6.46
0.6.47
0.6.48
0.6.49
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7b1
0.7b2
0.7b3
0.7b4
0.8
0.8b1
0.8b2
0.8b3
0.8b4
0.8b5
0.8b6
0.8b7
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8

1.*

1.0
1.0b1
1.0b2
1.0b3
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.2
1.2b1
1.3
1.3.1
1.3.2
1.4
1.4.1
1.4.2
1.4b1

10.*

10.0
10.0.1
10.1
10.2
10.2.1

11.*

11.0
11.1
11.2
11.3
11.3.1

12.*

12.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5
12.1
12.2
12.3
12.4

13.*

13.0
13.0.1
13.0.2

14.*

14.0
14.1
14.1.1
14.2
14.3
14.3.1

15.*

15.0
15.0b1
15.1
15.2

16.*

16.0

17.*

17.0
17.1
17.1.1

18.*

18.0
18.0.1
18.0b1
18.1
18.2
18.3
18.3.1
18.3.2
18.4
18.5
18.6
18.6.1
18.7
18.7.1
18.8
18.8.1

19.*

19.0
19.1
19.1.1
19.2
19.3
19.3b1
19.4
19.4.1
19.5
19.6
19.6.1
19.6.2
19.6b1
19.7

2.*

2.0
2.0.1
2.0.2
2.1
2.1.1
2.1.2
2.2
2.2b1

20.*

20.0
20.1
20.1.1
20.2
20.2.1
20.2.2
20.3
20.3.1
20.4
20.5

25.*

25.1.2

3.*

3.0
3.0.1
3.0.2
3.0b1
3.1
3.2
3.3
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.5
3.5.1
3.5.2
3.6
3.7
3.7.1
3.7b1
3.8
3.8.1

38.*

38.2.5

4.*

4.0b1

5.*

5.0
5.0.1
5.0.2
5.1
5.2
5.3
5.4
5.4.1
5.4.2
5.5
5.5.1
5.6
5.7
5.8

6.*

6.0
6.0.1
6.0.2
6.0.2b1
6.1

7.*

7.0
7.0b1

8.*

8.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0b1
8.1
8.1b1
8.2
8.2.1
8.3
8.4

9.*

9.0
9.0.1
9.0b1
9.1

Other

archive/bootstrap-py24
archive/distribute

v20.*

v20.10.0
v20.10.1
v20.6.0
v20.6.1
v20.6.2
v20.6.3
v20.6.4
v20.6.5
v20.6.6
v20.6.7
v20.6.8
v20.7.0
v20.8.0
v20.8.1
v20.9.0

v21.*

v21.0.0
v21.1.0
v21.2.0
v21.2.1
v21.2.2

v22.*

v22.0.0
v22.0.1
v22.0.2
v22.0.3
v22.0.4
v22.0.5

v23.*

v23.0.0
v23.1.0
v23.2.0
v23.2.1

v24.*

v24.0.0
v24.0.1
v24.0.2
v24.0.3
v24.1.0
v24.1.1
v24.2.0
v24.2.1
v24.3.0
v24.3.1

v25.*

v25.0.0
v25.0.1
v25.0.2
v25.1.0
v25.1.1
v25.1.2
v25.1.3
v25.1.4
v25.1.5
v25.1.6
v25.2.0
v25.3.0
v25.4.0

v26.*

v26.0.0
v26.1.0
v26.1.1

v27.*

v27.0.0
v27.1.0
v27.1.1
v27.1.2
v27.2.0
v27.3.0
v27.3.1

v28.*

v28.0.0
v28.1.0
v28.1.0b1
v28.2.0b1
v28.3.0
v28.4.0
v28.5.0
v28.6.0
v28.6.1
v28.7.0
v28.7.1
v28.8.0

v29.*

v29.0.0
v29.0.1

v30.*

v30.0.0
v30.1.0
v30.2.0
v30.2.1
v30.3.0
v30.4.0

v31.*

v31.0.0
v31.0.1

v32.*

v32.0.0
v32.1.0
v32.1.1
v32.1.2
v32.1.3
v32.2.0
v32.3.0
v32.3.1

v33.*

v33.0.0
v33.1.0
v33.1.1

v34.*

v34.0.0
v34.0.1
v34.0.2
v34.0.3
v34.1.0
v34.1.1
v34.2.0
v34.3.0
v34.3.1
v34.3.2
v34.3.3
v34.4.0
v34.4.1

v35.*

v35.0.0
v35.0.1
v35.0.2

v36.*

v36.0.0
v36.0.1
v36.1.0
v36.1.1
v36.2.0
v36.2.1
v36.2.2
v36.2.3
v36.2.4
v36.2.5
v36.2.6
v36.2.7
v36.3.0
v36.4.0
v36.5.0
v36.6.0
v36.6.1
v36.7.0
v36.7.1
v36.7.2
v36.7.3
v36.8.0

v37.*

v37.0.0

v38.*

v38.0.0
v38.1.0
v38.2.0
v38.2.1
v38.2.2
v38.2.3
v38.2.4
v38.3.0
v38.4.0
v38.4.1
v38.5.0
v38.5.1
v38.5.2
v38.6.0
v38.6.1
v38.7.0

v39.*

v39.0.0
v39.0.1
v39.1.0
v39.2.0

v40.*

v40.0.0
v40.1.0
v40.1.1
v40.2.0
v40.3.0
v40.4.0
v40.4.1
v40.4.2
v40.4.3
v40.5.0
v40.6.0
v40.6.1
v40.6.2
v40.6.3
v40.7.0
v40.7.1
v40.7.2
v40.7.3
v40.8.0
v40.9.0

v41.*

v41.0.0
v41.0.1
v41.1.0
v41.2.0
v41.3.0
v41.4.0
v41.5.0
v41.5.1
v41.6.0

v42.*

v42.0.0
v42.0.1
v42.0.2

v43.*

v43.0.0

v44.*

v44.0.0
v44.1.0
v44.1.1

v45.*

v45.0.0
v45.1.0
v45.2.0
v45.3.0

v46.*

v46.0.0
v46.1.0
v46.1.1
v46.1.2
v46.1.3
v46.2.0
v46.3.0
v46.3.1
v46.4.0

v47.*

v47.0.0
v47.1.0
v47.1.1
v47.2.0
v47.3.0
v47.3.1
v47.3.2

v48.*

v48.0.0

v49.*

v49.0.0
v49.0.1
v49.1.0
v49.1.1
v49.1.2
v49.1.3
v49.2.0
v49.2.1
v49.3.0
v49.3.1
v49.3.2
v49.4.0
v49.5.0
v49.6.0

v50.*

v50.0.0
v50.0.1
v50.0.2
v50.0.3
v50.1.0
v50.2.0
v50.3.0
v50.3.1
v50.3.2

v51.*

v51.0.0
v51.1.0
v51.1.1
v51.1.2
v51.2.0
v51.3.0
v51.3.1
v51.3.2
v51.3.3

v52.*

v52.0.0

v53.*

v53.0.0
v53.1.0

v54.*

v54.0.0
v54.1.0
v54.1.1
v54.1.2
v54.1.3
v54.2.0

v55.*

v55.0.0

v56.*

v56.0.0
v56.1.0
v56.2.0

v57.*

v57.0.0
v57.1.0
v57.2.0
v57.3.0
v57.4.0
v57.5.0

v58.*

v58.0.0
v58.0.1
v58.0.2
v58.0.3
v58.0.4
v58.1.0
v58.2.0
v58.3.0
v58.4.0
v58.5.0
v58.5.1
v58.5.2
v58.5.3

v59.*

v59.0.0
v59.0.1
v59.1.0
v59.1.1
v59.2.0
v59.3.0
v59.4.0
v59.5.0
v59.6.0
v59.7.0
v59.8.0

v60.*

v60.0.0
v60.0.1
v60.0.2
v60.0.3
v60.0.4
v60.0.5
v60.1.0
v60.1.1
v60.10.0
v60.2.0
v60.3.0
v60.3.1
v60.4.0
v60.5.0
v60.5.1
v60.5.2
v60.5.3
v60.5.4
v60.6.0
v60.7.0
v60.7.1
v60.8.0
v60.8.1
v60.8.2
v60.9.0
v60.9.1
v60.9.2
v60.9.3

v61.*

v61.0.0
v61.1.0
v61.1.1
v61.2.0
v61.3.0
v61.3.1

v62.*

v62.0.0
v62.1.0
v62.2.0
v62.3.0
v62.3.1
v62.3.2
v62.3.3
v62.3.4
v62.4.0
v62.5.0
v62.6.0

v63.*

v63.0.0
v63.0.0b1
v63.1.0
v63.2.0
v63.3.0
v63.4.0
v63.4.1
v63.4.2
v63.4.3

v64.*

v64.0.0
v64.0.0b1
v64.0.1
v64.0.2
v64.0.3

v65.*

v65.0.0
v65.0.1
v65.0.2
v65.1.0
v65.1.1
v65.2.0
v65.3.0
v65.4.0
v65.4.1
v65.5.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40897.json"