CVE-2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.

Las herramientas de configuración Python Packaging Authority (PyPA) anteriores a 65.5.1 permiten a atacantes remotos provocar una Denegación de Servicio (DoS) a través de HTML en un paquete manipulado o en una página PackageIndex personalizada. Hay una Denegación de Servicio (DoS) de expresión regular (ReDoS) en package_index.py.