CVE-2022-40898

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package python3-module-setuptools updated to version 65.5.1-alt1 for branch sisyphus_mipsel.

Published: 2022-12-22

BDU:2023-02445

Уязвимость инструментов установки пакетов Python Packaging Authority, связанная с некорректным регулярным выражением, позволяющая нарушителю вызывать отказ в обслуживании

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2022-40897

Published: 2022-12-23
Modified: 2024-11-21

CVE-2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package xfce4-places-plugin updated to version 1.8.3-alt1 for branch sisyphus_mipsel.

xfce4-places-plugin does not clean recent documents

Version: 2.1.0

Branch sisyphus_mipsel update on 2022-11-17

ALT-BU-2022-7088-1

ALT-PU-2022-7085-1

Closed vulnerabilities

CVE-2022-40898

ALT-PU-2022-7086-1

Closed vulnerabilities

BDU:2023-02445

CVE-2022-40897

ALT-PU-2022-7087-1

Closed bugs

Bug #43933