Please update the security advisory status after evaluating. Publish the advisory
once it has been verified (since it has been created in draft mode).
Description
Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
A new security advisory was opened in this repository. See https://github.com/ansys/pyansys-tools-report/security/advisories/GHSA-2q8c-5fcp-rq86.
More information
Visit https://pyup.io/v/52495/f17 to find out more information.