Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
Created python-setuptools tracking bugs for this issue: Affects: fedora-all [bug 2158677]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0835 https://access.redhat.com/errata/RHSA-2023:0835
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0952 https://access.redhat.com/errata/RHSA-2023:0952
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-40897
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:6793 https://access.redhat.com/errata/RHSA-2023:6793
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:7395 https://access.redhat.com/errata/RHSA-2023:7395
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2985 https://access.redhat.com/errata/RHSA-2024:2985
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2987 https://access.redhat.com/errata/RHSA-2024:2987
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:4421 https://access.redhat.com/errata/RHSA-2024:4421
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Via RHSA-2024:6915 https://access.redhat.com/errata/RHSA-2024:6915