Inefficient Regular Expression Complexity
CVE-2022-40897
Summary
Python Packaging Authority (PyPA) setuptools prior to 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in "package_index.py".
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published