CVE-2022-40898

Опубликовано: 23 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

Ссылки

https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18
Third Party Advisory
https://pypi.org/project/wheel/
Product
Third Party Advisory
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
Exploit
Vendor Advisory
https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18
Third Party Advisory
https://pypi.org/project/wheel/
Product
Third Party Advisory
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wheel_project:wheel:*:*:*:*:*:python:*:*

Версия до 0.38.1 (исключая)

EPSS

Процентиль: 38%

0.00162

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-20

Связанные уязвимости

CVE-2022-40898

CVSS3: 7.5

ubuntu

около 3 лет назад

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

CVE-2022-40898

CVSS3: 7.5

redhat

около 3 лет назад

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

CVE-2022-40898

CVSS3: 7.5

msrc

больше 1 года назад

Описание отсутствует

CVE-2022-40898

CVSS3: 7.5

debian

около 3 лет назад

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 ...

SUSE-SU-2023:0089-1

suse-cvrf

около 3 лет назад

Security update for python-wheel

EPSS

Процентиль: 38%

0.00162

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-20