CVE-2022-40897 Information

Description

An issue discovered in Python Packaging Authority (PyPA) setuptools 65.3.0 and earlier allows remote attackers to cause a denial of service via a crafted HTML package or custom PackageIndex page.

Reference

https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
