Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/setuptools@5.0.2

Type pypi

Namespace

Name setuptools

Version 5.0.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 78.1.1

Latest_non_vulnerable_version 78.1.1

Affected_by_vulnerabilities

url VCID-1pe7-4f4b-ukhu

vulnerability_id VCID-1pe7-4f4b-ukhu

summary setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47273.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47273.json

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml

reference_url

https://github.com/pypa/setuptools

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools

reference_url

https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88

reference_url

https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b

reference_url

https://github.com/pypa/setuptools/issues/4946

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/issues/4946

reference_url

https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf

reference_url

https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105970
reference_id	1105970
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105970

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2366982
reference_id	2366982
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2366982

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-47273

reference_id

CVE-2025-47273

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-47273

reference_url	https://github.com/advisories/GHSA-5rjg-fvgr-3xxf
reference_id	GHSA-5rjg-fvgr-3xxf
reference_type
scores
url	https://github.com/advisories/GHSA-5rjg-fvgr-3xxf

reference_url	https://access.redhat.com/errata/RHSA-2025:10407
reference_id	RHSA-2025:10407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10407

reference_url	https://access.redhat.com/errata/RHSA-2025:10787
reference_id	RHSA-2025:10787
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10787

reference_url	https://access.redhat.com/errata/RHSA-2025:10809
reference_id	RHSA-2025:10809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10809

reference_url	https://access.redhat.com/errata/RHSA-2025:10992
reference_id	RHSA-2025:10992
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10992

reference_url	https://access.redhat.com/errata/RHSA-2025:11036
reference_id	RHSA-2025:11036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11036

reference_url	https://access.redhat.com/errata/RHSA-2025:11043
reference_id	RHSA-2025:11043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11043

reference_url	https://access.redhat.com/errata/RHSA-2025:11044
reference_id	RHSA-2025:11044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11044

reference_url	https://access.redhat.com/errata/RHSA-2025:11101
reference_id	RHSA-2025:11101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11101

reference_url	https://access.redhat.com/errata/RHSA-2025:11102
reference_id	RHSA-2025:11102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11102

reference_url	https://access.redhat.com/errata/RHSA-2025:11146
reference_id	RHSA-2025:11146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11146

reference_url	https://access.redhat.com/errata/RHSA-2025:11388
reference_id	RHSA-2025:11388
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11388

reference_url	https://access.redhat.com/errata/RHSA-2025:11424
reference_id	RHSA-2025:11424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11424

reference_url	https://access.redhat.com/errata/RHSA-2025:11425
reference_id	RHSA-2025:11425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11425

reference_url	https://access.redhat.com/errata/RHSA-2025:11426
reference_id	RHSA-2025:11426
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11426

reference_url	https://access.redhat.com/errata/RHSA-2025:11427
reference_id	RHSA-2025:11427
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11427

reference_url	https://access.redhat.com/errata/RHSA-2025:11463
reference_id	RHSA-2025:11463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11463

reference_url	https://access.redhat.com/errata/RHSA-2025:11464
reference_id	RHSA-2025:11464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11464

reference_url	https://access.redhat.com/errata/RHSA-2025:11584
reference_id	RHSA-2025:11584
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11584

reference_url	https://access.redhat.com/errata/RHSA-2025:11607
reference_id	RHSA-2025:11607
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11607

reference_url	https://access.redhat.com/errata/RHSA-2025:11868
reference_id	RHSA-2025:11868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11868

reference_url	https://access.redhat.com/errata/RHSA-2025:11984
reference_id	RHSA-2025:11984
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11984

reference_url	https://access.redhat.com/errata/RHSA-2025:12020
reference_id	RHSA-2025:12020
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12020

reference_url	https://access.redhat.com/errata/RHSA-2025:12834
reference_id	RHSA-2025:12834
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12834

reference_url	https://access.redhat.com/errata/RHSA-2025:13578
reference_id	RHSA-2025:13578
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13578

reference_url	https://access.redhat.com/errata/RHSA-2025:13668
reference_id	RHSA-2025:13668
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13668

reference_url	https://access.redhat.com/errata/RHSA-2025:13669
reference_id	RHSA-2025:13669
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13669

reference_url	https://access.redhat.com/errata/RHSA-2025:13803
reference_id	RHSA-2025:13803
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13803

reference_url	https://access.redhat.com/errata/RHSA-2025:13804
reference_id	RHSA-2025:13804
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13804

reference_url	https://access.redhat.com/errata/RHSA-2025:14686
reference_id	RHSA-2025:14686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14686

reference_url	https://access.redhat.com/errata/RHSA-2025:14900
reference_id	RHSA-2025:14900
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14900

reference_url	https://access.redhat.com/errata/RHSA-2025:15408
reference_id	RHSA-2025:15408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15408

reference_url	https://access.redhat.com/errata/RHSA-2025:15410
reference_id	RHSA-2025:15410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15410

reference_url	https://access.redhat.com/errata/RHSA-2025:15411
reference_id	RHSA-2025:15411
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15411

reference_url	https://access.redhat.com/errata/RHSA-2025:19421
reference_id	RHSA-2025:19421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19421

reference_url	https://access.redhat.com/errata/RHSA-2025:19422
reference_id	RHSA-2025:19422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19422

reference_url	https://access.redhat.com/errata/RHSA-2025:19423
reference_id	RHSA-2025:19423
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19423

reference_url	https://access.redhat.com/errata/RHSA-2025:19424
reference_id	RHSA-2025:19424
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19424

reference_url	https://access.redhat.com/errata/RHSA-2025:19425
reference_id	RHSA-2025:19425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19425

reference_url	https://access.redhat.com/errata/RHSA-2025:19426
reference_id	RHSA-2025:19426
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19426

reference_url	https://access.redhat.com/errata/RHSA-2025:19427
reference_id	RHSA-2025:19427
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19427

reference_url	https://access.redhat.com/errata/RHSA-2025:19428
reference_id	RHSA-2025:19428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19428

reference_url	https://access.redhat.com/errata/RHSA-2025:19429
reference_id	RHSA-2025:19429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19429

reference_url	https://access.redhat.com/errata/RHSA-2025:19430
reference_id	RHSA-2025:19430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19430

reference_url	https://access.redhat.com/errata/RHSA-2025:9940
reference_id	RHSA-2025:9940
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9940

reference_url	https://access.redhat.com/errata/RHSA-2025:9966
reference_id	RHSA-2025:9966
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9966

reference_url	https://access.redhat.com/errata/RHSA-2026:4215
reference_id	RHSA-2026:4215
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4215

fixed_packages

url	pkg:pypi/setuptools@78.1.1
purl	pkg:pypi/setuptools@78.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@78.1.1

aliases CVE-2025-47273, GHSA-5rjg-fvgr-3xxf, PYSEC-2025-49

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pe7-4f4b-ukhu

url VCID-f4x2-qsqp-kfcn

vulnerability_id VCID-f4x2-qsqp-kfcn

summary Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40897.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40897

reference_id

reference_type

scores

value	0.00513
scoring_system	epss
scoring_elements	0.66853
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40897

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml

reference_url

https://github.com/pypa/setuptools

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools

reference_url

https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200

reference_url

https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be

reference_url

https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1

reference_url

https://github.com/pypa/setuptools/issues/3659

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/setuptools/issues/3659

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-40897

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-40897

reference_url

https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

reference_url	https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
reference_id
reference_type
scores
url	https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/

reference_url

https://pyup.io/vulnerabilities/CVE-2022-40897/52495

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pyup.io/vulnerabilities/CVE-2022-40897/52495

reference_url	https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
reference_id
reference_type
scores
url	https://pyup.io/vulnerabilities/CVE-2022-40897/52495/

reference_url

https://security.netapp.com/advisory/ntap-20230214-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230214-0001

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://setuptools.pypa.io/en/latest

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://setuptools.pypa.io/en/latest

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2158559
reference_id	2158559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2158559

reference_url	https://access.redhat.com/errata/RHSA-2023:0835
reference_id	RHSA-2023:0835
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0835

reference_url	https://access.redhat.com/errata/RHSA-2023:0952
reference_id	RHSA-2023:0952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0952

reference_url	https://access.redhat.com/errata/RHSA-2023:6793
reference_id	RHSA-2023:6793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6793

reference_url	https://access.redhat.com/errata/RHSA-2023:7395
reference_id	RHSA-2023:7395
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7395

reference_url	https://access.redhat.com/errata/RHSA-2024:2985
reference_id	RHSA-2024:2985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2985

reference_url	https://access.redhat.com/errata/RHSA-2024:2987
reference_id	RHSA-2024:2987
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2987

reference_url	https://access.redhat.com/errata/RHSA-2024:4421
reference_id	RHSA-2024:4421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4421

reference_url	https://access.redhat.com/errata/RHSA-2024:6915
reference_id	RHSA-2024:6915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6915

fixed_packages

url pkg:pypi/setuptools@65.5.1

purl pkg:pypi/setuptools@65.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pe7-4f4b-ukhu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@65.5.1

aliases CVE-2022-40897, GHSA-r9hx-vwmv-q579, PYSEC-2022-43012

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4x2-qsqp-kfcn

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/setuptools@5.0.2

Package Instance