Inefficient Regular Expression Complexity
CVE-2022-40898
Summary
An issue discovered in Python Packaging Authority (PyPA) Wheel versions through 0.37.1 and earlier allows remote attackers to cause a regular expression denial of service via attacker-controlled input to wheel cli.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published