A vulnerability has been discovered in Setuptools, which can lead to denial of service.
Package | dev-python/setuptools on all architectures |
---|---|
Affected versions | < 65.5.1 |
Unaffected versions | >= 65.5.1 |
Setuptools is a manager for Python packages.
A vulnerability has been discovered in Setuptools. See the impact field.
An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom PackageIndex page.
There is no known workaround at this time.
All Setuptools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-python/setuptools-65.5.1"
Release date
May 05, 2024
Latest revision
May 05, 2024: 1
Severity
normal
Exploitable
remote
Bugzilla entries