CVE-2022-40898 - High Severity Vulnerability
Vulnerable Libraries - wheel-0.33.6.tar.gz, wheel-0.24.0-py2.py3-none-any.whl, wheel-0.33.6-py2.py3-none-any.whl
wheel-0.33.6.tar.gz
A built-package format for Python
Library home page: https://files.pythonhosted.org/packages/59/b0/11710a598e1e148fb7cbf9220fd2a0b82c98e94efbdecb299cb25e7f0b39/wheel-0.33.6.tar.gz
Path to vulnerable library: /awscli-bundle/packages/setup/wheel-0.33.6.tar.gz,/awscli-bundle/awscli-bundle/packages/setup/wheel-0.33.6.tar.gz
Dependency Hierarchy:
- :x: **wheel-0.33.6.tar.gz** (Vulnerable Library)
wheel-0.24.0-py2.py3-none-any.whl
A built-package format for Python
Library home page: https://files.pythonhosted.org/packages/e8/14/eaaac12b0432c984a27ad0050a5a0bedc6135df35a0f5f1f35228faf12d4/wheel-0.24.0-py2.py3-none-any.whl
Path to dependency file: /tmp/ws-ua_20220122232947_MZFNWS/archiveExtraction_KXRZMM/PZSZKX/20220122232947/codechung_depth_1/awscli-bundle/awscli-bundle/packages/botocore-1.17.48.tar/botocore-1.17.48/requirements.txt
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/botocore-1.17.48.tar/botocore-1.17.48/requirements.txt,/awscli-bundle/packages/botocore-1.17.48.tar/botocore-1.17.48/requirements.txt
Dependency Hierarchy:
- :x: **wheel-0.24.0-py2.py3-none-any.whl** (Vulnerable Library)
wheel-0.33.6-py2.py3-none-any.whl
A built-package format for Python
Library home page: https://files.pythonhosted.org/packages/00/83/b4a77d044e78ad1a45610eb88f745be2fd2c6d658f9798a15e384b7d57c9/wheel-0.33.6-py2.py3-none-any.whl
Path to vulnerable library: /awscli-bundle/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/wheel-0.33.6-py2.py3-none-any.whl,/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/wheel-0.33.6-py2.py3-none-any.whl
Dependency Hierarchy:
- :x: **wheel-0.33.6-py2.py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: de1c2b0d1a23367b161c2d995029f9693bd8a155
Found in base branch: master
Vulnerability Details
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI. The copies flagged here are install-time artifacts bundled with awscli-bundle (`packages/setup`, virtualenv's `virtualenv_support`, and a botocore requirements pin), so practical exposure depends on whether untrusted input ever reaches the wheel command line on the affected system; the dependency is still below the fixed release and should be upgraded.
Publish Date: 2022-12-22
URL: CVE-2022-40898
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2022-12-23
Fix Resolution: 0.38.0
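The check below is an added example, not code from the Mend report or from the awscli-bundle project. It walks an extracted bundle (or a list of artifact names and `requirements.txt` pins such as the ones listed in this report) and flags every copy of `wheel` that predates the 0.38.0 fix resolution. The `wheel-<version>` filename pattern follows the artifacts named above; the function names, the `scan_tree` helper and the sample inputs are assumptions constructed for illustration.

```python
"""Triage bundled copies of PyPA `wheel` against the CVE-2022-40898 fix.

Added example; not code from the Mend report or from the awscli-bundle project.
The fixed version (0.38.0) and the `wheel-<version>` artifact names come from
the report above. Function names, the directory walker and the sample inputs
are assumptions made for illustration.
"""
import os
import re
from typing import Iterable, List, Optional, Tuple

FIXED_VERSION = "0.38.0"  # "Fix Resolution" from the report; 0.37.1 and earlier are affected

# sdist or wheel artifact of the `wheel` project, e.g.
#   wheel-0.33.6.tar.gz
#   wheel-0.24.0-py2.py3-none-any.whl
# Only numeric release versions are matched; a pre-release tag such as
# 0.38.0a1 deliberately yields no match rather than a wrong answer.
ARTIFACT_RE = re.compile(r"^wheel-(\d+(?:\.\d+)*)(?:-|\.tar\.gz$)")

# exact pin in a requirements.txt, e.g. "wheel==0.24.0" (optionally followed by a comment)
REQUIREMENT_RE = re.compile(r"^\s*wheel\s*==\s*(\d+(?:\.\d+)*)\s*(?:#.*)?$")


def parse_version(text: str) -> Tuple[int, ...]:
    """'0.33.6' -> (0, 33, 6); trailing zeros are dropped so '0.38' == '0.38.0'."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def artifact_version(path: str) -> Optional[str]:
    """Version embedded in a `wheel` artifact filename, or None if it is not one."""
    m = ARTIFACT_RE.match(os.path.basename(path))
    return m.group(1) if m else None


def requirement_version(line: str) -> Optional[str]:
    """Version from a 'wheel==X.Y.Z' requirement line, or None."""
    m = REQUIREMENT_RE.match(line)
    return m.group(1) if m else None


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` predates the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(items: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """(item, version, vulnerable) for every artifact path or pin that names `wheel`."""
    findings = []
    for item in items:
        version = artifact_version(item) or requirement_version(item)
        if version is not None:
            findings.append((item, version, is_vulnerable(version)))
    return findings


def scan_tree(root: str) -> List[Tuple[str, str, bool]]:
    """Walk an extracted bundle: check every filename and every line of each requirements.txt."""
    items: List[str] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            items.append(full)
            if name == "requirements.txt":
                with open(full, encoding="utf-8", errors="replace") as fh:
                    items.extend(line.rstrip("\n") for line in fh)
    return triage(items)


# Constructed sample: the artifact names the report lists, plus a pin as it would
# appear in botocore's requirements.txt and a fixed-version pin for contrast.
SAMPLE_ITEMS = [
    "/awscli-bundle/packages/setup/wheel-0.33.6.tar.gz",
    "/awscli-bundle/packages/virtualenv-16.7.8.tar/virtualenv-16.7.8/virtualenv_support/wheel-0.33.6-py2.py3-none-any.whl",
    "wheel==0.24.0",      # constructed pin
    "wheel==0.38.0",      # constructed pin at the fix resolution
    "botocore==1.17.48",  # constructed pin for another project; ignored
]

if __name__ == "__main__":
    for item, version, vulnerable in triage(SAMPLE_ITEMS):
        status = "VULNERABLE" if vulnerable else "ok"
        print(f"{status:10} wheel {version:8} {item}")
```

Run `scan_tree` against the extraction root before and after the upgrade to confirm all three findings disappear. The matcher is deliberately narrow: it recognises only numeric release versions and exact `==` pins, so a pre-release tag or a `>=` range is reported as "not a wheel version" rather than guessed at, and a scan that returns no findings for a tree you know contains `wheel` should be treated as a matcher gap, not a clean bill of health.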