FreeBSD VuXML ID: 1B38AEC4-4149-4C7D-851C-3C4DE3A1FBD0
Published: Dec 23, 2022 - 12:00 a.m.

py39-setuptools -- denial of service vulnerability

Source: vuxml.freebsd.org
Tags: setuptools, denial of service, version 65.5.1, pypi, packageindex, patch, unix

CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.005 Low
Percentile: 77.5%

SCH227 reports:

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects.
Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index.
This has been patched in version 65.5.1. The patch was backported to revision 63.1.0_1.

Affected packages:

OS       Version  Architecture  Package          Version     Filename
FreeBSD  any      noarch        py39-setuptools  < 44.1.1_1  UNKNOWN
