
CVE-2022-40897 – pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py
https://notcve.org/view.php?id=CVE-2022-40897
22 Dec 2022 — Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
• https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
• CWE-185: Incorrect Regular Expression; CWE-1333: Inefficient Regular Expression Complexity

CVE-2013-1633 – Mandriva Linux Security Advisory 2013-227
https://notcve.org/view.php?id=CVE-2013-1633
06 Aug 2013 — easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
• http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a
• CWE-20: Improper Input Validation