Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setuptools package is vulnerable #803

Closed
wants to merge 2 commits into from
Closed

Setuptools package is vulnerable #803

wants to merge 2 commits into from

Conversation

suryadev99
Copy link

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.

@suryadev99
Update Dockerfile
40b4984 
Updating SETUPTOOLS=65.5,1

ython Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.
@suryadev99
Merge pull request #1 from suryadev99/suryadev99-setuptools-patch-1
10484a9 
Update Dockerfile
@ad-m-ss
Copy link

ad-m-ss commented Feb 22, 2023

Duplicate of #781

@yosifkit
Copy link
Member

#781 (comment)

@yosifkit yosifkit closed this Feb 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@suryadev99 @ad-m-ss @yosifkit