[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-40897":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":34,"duplicate_of":9,"upstream":38,"downstream":39,"duplicates":86,"related":87,"reserved_at":9,"published_at":103,"modified_at":104,"state":105,"summary":106,"references_raw":114,"kevs":218,"epss":219,"epss_history":222,"metrics":488,"affected":504},"CVE-2022-40897","Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-1333","Inefficient Regular Expression Complexity","The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.","weakness","Draft","Base","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-492","Regular Expression Exponential Blowup",[],[25],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_342E62D735DDE719","Exploit Reference (pyup.io)","reference","https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/","unknown",0.2,false,[],[35,36,37],"GHSA-r9hx-vwmv-q579","BIT-setuptools-2022-40897","PYSEC-2022-43012",[],[40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84],{"_key":41},"SUSE-SU-2023:0093-1",{"_key":43},"SUSE-SU-2023:0094-1",{"_key":45},"SUSE-SU-2023:0402-1",{"_key":47},"SUSE-SU-2023:0403-1",{"_key":49},"SUSE-SU-2024:2435-1",{"_key":51},"UBUNTU-CVE-2022-40897",{"_key":53},"SUSE-SU-2023:0091-1",{"_key":55},"SUSE-SU-2023:0159-1",{"_key":57},"SUSE-SU-2023:0202-1",{"_key":59},"SUSE-SU-2023:0223-1",{"_key":61},"SUSE-SU-2023:4517-1",{"_key":63},"DLA-3876-1",{"_key":65},"RHSA-2023:0835",{"_key":67},"RHSA-2023:0952",{"_key":69},"RHSA-2023:7395",{"_key":71},"RHSA-2024:4421",{"_key":73},"RHSA-2024:6915",{"_key":75},"MGASA-2023-0219",{"_key":77},"DEBIAN-CVE-2022-40897",{"_key":79},"USN-5817-1",{"_key":81},"RHSA-2023:6793",{"_key":83},"RHSA-2024:2985",{"_key":85},"RHSA-2024:2987",[],[88,89,90,91,92,93,94,95,96,97,98,99,101],{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":75},{"_key":100},"CGA-P8QX-6MM9-42FC",{"_key":102},"CGA-46GG-582C-CWR8","2022-12-22T00:00:00.000Z","2025-11-04T16:09:54.794Z","Modified",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":107,"epss_score":108,"severity":109,"severity_score":110,"severity_version":111,"severity_source":112,"severity_vector":113,"severity_status":105},"low",0.00513,"medium",5.9,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",[115,123,130,135,139,144,148,152,156,160,164,169,173,177,181,185,189,193,197,201,205,209,214],{"url":116,"sources":117,"tags":120},"https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200",[112,118,119],"nvd","osv_pypi",[121,122],"Third Party Advisory","WEB",{"url":29,"sources":124,"tags":125},[112,118,119],[126,127,128,129,122],"Exploit","Patch","Technical Description","Vendor Advisory",{"url":131,"sources":132,"tags":133},"https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be",[112,118,119],[127,121,122,134],"FIX",{"url":136,"sources":137,"tags":138},"https://pyup.io/vulnerabilities/CVE-2022-40897/52495/",[112,118,119],[121,122],{"url":140,"sources":141,"tags":142},"https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1",[112,118,119],[143,121,122],"Release Notes",{"url":145,"sources":146,"tags":147},"https://security.netapp.com/advisory/ntap-20230214-0001/",[112,118],[],{"url":149,"sources":150,"tags":151},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/",[112,118],[129],{"url":153,"sources":154,"tags":155},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/",[112,118],[129],{"url":157,"sources":158,"tags":159},"https://security.netapp.com/advisory/ntap-20240621-0006/",[112,118],[],{"url":161,"sources":162,"tags":163},"https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html",[112,118,119],[122],{"url":165,"sources":166,"tags":167},"https://nvd.nist.gov/vuln/detail/CVE-2022-40897",[119],[168],"Advisory",{"url":170,"sources":171,"tags":172},"https://github.com/pypa/setuptools/issues/3659",[119],[122],{"url":174,"sources":175,"tags":176},"https://setuptools.pypa.io/en/latest",[119],[122],{"url":178,"sources":179,"tags":180},"https://security.netapp.com/advisory/ntap-20240621-0006",[119],[122],{"url":182,"sources":183,"tags":184},"https://security.netapp.com/advisory/ntap-20230214-0001",[119],[122],{"url":186,"sources":187,"tags":188},"https://pyup.io/vulnerabilities/CVE-2022-40897/52495",[119],[122],{"url":190,"sources":191,"tags":192},"https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages",[119],[122],{"url":194,"sources":195,"tags":196},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H",[119],[122],{"url":198,"sources":199,"tags":200},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R",[119],[122],{"url":202,"sources":203,"tags":204},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H",[119],[122],{"url":206,"sources":207,"tags":208},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R",[119],[122],{"url":210,"sources":211,"tags":212},"https://github.com/pypa/setuptools",[119],[213],"PACKAGE",{"url":215,"sources":216,"tags":217},"https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml",[119],[122],[],{"date":220,"score":108,"percentile":221},"2026-06-04",0.66853,[223,227,231,234,237,240,243,246,249,252,255,258,261,264,267,271,274,277,280,283,286,289,291,293,296,299,302,305,308,311,314,317,319,321,324,327,329,332,335,338,341,343,346,349,352,355,359,362,365,367,370,374,377,380,383,386,389,392,395,398,401,404,406,409,413,416,419,423,425,428,431,434,437,440,443,446,449,451,454,457,460,463,466,469,471,474,477,479,482,485],{"date":224,"score":225,"percentile":226},"2025-11-04",0.00339,0.56064,{"date":228,"score":229,"percentile":230},"2025-11-05",0.00459,0.63195,{"date":232,"score":229,"percentile":233},"2025-11-06",0.63203,{"date":235,"score":229,"percentile":236},"2025-11-07",0.6322,{"date":238,"score":229,"percentile":239},"2025-11-08",0.63222,{"date":241,"score":229,"percentile":242},"2025-11-09",0.63216,{"date":244,"score":229,"percentile":245},"2025-11-10",0.63198,{"date":247,"score":229,"percentile":248},"2025-11-11",0.63211,{"date":250,"score":229,"percentile":251},"2025-11-12",0.63231,{"date":253,"score":229,"percentile":254},"2025-11-13",0.63236,{"date":256,"score":229,"percentile":257},"2025-11-14",0.63248,{"date":259,"score":229,"percentile":260},"2025-11-15",0.63239,{"date":262,"score":229,"percentile":263},"2025-11-16",0.6323,{"date":265,"score":229,"percentile":266},"2025-11-17",0.63228,{"date":268,"score":269,"percentile":270},"2025-11-18",0.07794,0.91081,{"date":272,"score":269,"percentile":273},"2025-11-19",0.91084,{"date":275,"score":269,"percentile":276},"2025-11-20",0.91091,{"date":278,"score":229,"percentile":279},"2025-11-21",0.6324,{"date":281,"score":229,"percentile":282},"2025-11-22",0.63246,{"date":284,"score":229,"percentile":285},"2025-11-23",0.63226,{"date":287,"score":229,"percentile":288},"2025-11-24",0.63219,{"date":290,"score":229,"percentile":239},"2025-11-25",{"date":292,"score":229,"percentile":285},"2025-11-26",{"date":294,"score":229,"percentile":295},"2025-11-27",0.63232,{"date":297,"score":229,"percentile":298},"2025-11-28",0.63213,{"date":300,"score":229,"percentile":301},"2025-11-29",0.63184,{"date":303,"score":229,"percentile":304},"2025-11-30",0.63174,{"date":306,"score":229,"percentile":307},"2025-12-01",0.63344,{"date":309,"score":229,"percentile":310},"2025-12-02",0.63361,{"date":312,"score":229,"percentile":313},"2025-12-03",0.63363,{"date":315,"score":229,"percentile":316},"2025-12-04",0.63186,{"date":318,"score":229,"percentile":245},"2025-12-05",{"date":320,"score":229,"percentile":245},"2025-12-06",{"date":322,"score":229,"percentile":323},"2025-12-07",0.63191,{"date":325,"score":229,"percentile":326},"2025-12-08",0.63197,{"date":328,"score":229,"percentile":251},"2025-12-09",{"date":330,"score":229,"percentile":331},"2025-12-10",0.63273,{"date":333,"score":229,"percentile":334},"2025-12-11",0.63288,{"date":336,"score":229,"percentile":337},"2025-12-12",0.6331,{"date":339,"score":229,"percentile":340},"2025-12-13",0.63317,{"date":342,"score":229,"percentile":340},"2025-12-14",{"date":344,"score":229,"percentile":345},"2025-12-15",0.63308,{"date":347,"score":229,"percentile":348},"2025-12-16",0.63322,{"date":350,"score":229,"percentile":351},"2025-12-17",0.63336,{"date":353,"score":229,"percentile":354},"2025-12-18",0.63372,{"date":356,"score":357,"percentile":358},"2025-12-19",0.00529,0.66538,{"date":360,"score":357,"percentile":361},"2025-12-20",0.66537,{"date":363,"score":357,"percentile":364},"2025-12-21",0.66527,{"date":366,"score":357,"percentile":364},"2025-12-22",{"date":368,"score":357,"percentile":369},"2025-12-23",0.6652,{"date":371,"score":372,"percentile":373},"2025-12-24",0.00456,0.63259,{"date":375,"score":372,"percentile":376},"2025-12-25",0.63286,{"date":378,"score":372,"percentile":379},"2025-12-26",0.63284,{"date":381,"score":372,"percentile":382},"2025-12-27",0.63339,{"date":384,"score":372,"percentile":385},"2025-12-28",0.63261,{"date":387,"score":372,"percentile":388},"2025-12-29",0.63252,{"date":390,"score":372,"percentile":391},"2025-12-30",0.63265,{"date":393,"score":372,"percentile":394},"2025-12-31",0.63293,{"date":396,"score":372,"percentile":397},"2026-01-01",0.63484,{"date":399,"score":372,"percentile":400},"2026-01-02",0.63468,{"date":402,"score":372,"percentile":403},"2026-01-03",0.63466,{"date":405,"score":372,"percentile":376},"2026-01-04",{"date":407,"score":372,"percentile":408},"2026-01-05",0.6328,{"date":410,"score":411,"percentile":412},"2026-01-06",0.00443,0.62753,{"date":414,"score":411,"percentile":415},"2026-01-07",0.62774,{"date":417,"score":411,"percentile":418},"2026-01-08",0.62797,{"date":420,"score":421,"percentile":422},"2026-01-09",0.00515,0.65985,{"date":424,"score":421,"percentile":422},"2026-01-10",{"date":426,"score":421,"percentile":427},"2026-01-11",0.65975,{"date":429,"score":421,"percentile":430},"2026-01-12",0.65963,{"date":432,"score":421,"percentile":433},"2026-01-13",0.6596,{"date":435,"score":421,"percentile":436},"2026-01-14",0.65996,{"date":438,"score":421,"percentile":439},"2026-01-15",0.65998,{"date":441,"score":421,"percentile":442},"2026-01-16",0.66017,{"date":444,"score":421,"percentile":445},"2026-01-17",0.66006,{"date":447,"score":421,"percentile":448},"2026-01-18",0.6599,{"date":450,"score":421,"percentile":427},"2026-01-19",{"date":452,"score":421,"percentile":453},"2026-01-20",0.65988,{"date":455,"score":421,"percentile":456},"2026-01-21",0.65999,{"date":458,"score":421,"percentile":459},"2026-01-22",0.6601,{"date":461,"score":421,"percentile":462},"2026-01-23",0.66041,{"date":464,"score":421,"percentile":465},"2026-01-24",0.66048,{"date":467,"score":421,"percentile":468},"2026-01-25",0.66014,{"date":470,"score":421,"percentile":445},"2026-01-26",{"date":472,"score":421,"percentile":473},"2026-01-27",0.66016,{"date":475,"score":421,"percentile":476},"2026-01-28",0.66027,{"date":478,"score":421,"percentile":476},"2026-01-29",{"date":480,"score":421,"percentile":481},"2026-01-30",0.66038,{"date":483,"score":421,"percentile":484},"2026-01-31",0.6604,{"date":486,"score":421,"percentile":487},"2026-02-01",0.66187,[489,494,496],{"source":112,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":490,"cvss_v4_0":9},{"baseScore":110,"baseSeverity":491,"vectorString":113,"impactScore":492,"exploitabilityScore":493},"MEDIUM",6,5.6,{"source":118,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":495,"cvss_v4_0":9},{"baseScore":110,"baseSeverity":491,"vectorString":113,"impactScore":492,"exploitabilityScore":493},{"source":119,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":497,"cvss_v4_0":501},{"baseScore":498,"baseSeverity":9,"vectorString":499,"impactScore":492,"exploitabilityScore":500},7.5,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",10,{"baseScore":502,"baseSeverity":9,"vectorString":503,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N",[505,519],{"ecosystem":506,"name":507,"vendor":506,"product":507,"cpe_part":9,"purl_type":508,"purl_namespace":9,"purl_name":507,"source":9,"versions":509},"PyPI","setuptools","pypi",[510,516],{"version":511,"is_range":512,"range_type":513,"version_start":9,"version_start_type":9,"version_end":514,"version_end_type":515,"fixed_in":9},"lt43a9c9bfa6aa626ec2a22540bea28d2ca77964be",true,"ecosystem","43a9c9bfa6aa626ec2a22540bea28d2ca77964be","excluding",{"version":517,"is_range":512,"range_type":513,"version_start":9,"version_start_type":9,"version_end":518,"version_end_type":515,"fixed_in":9},"lt65_5_1","65.5.1",{"ecosystem":9,"name":507,"vendor":520,"product":507,"cpe_part":521,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":522},"python","a",[523],{"version":524,"is_range":512,"range_type":525,"version_start":9,"version_start_type":9,"version_end":518,"version_end_type":515,"fixed_in":9},"lt65.5.1","cpe"]