pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
High severity
GitHub Reviewed
Published
Dec 23, 2022
to the GitHub Advisory Database
•
Updated Nov 19, 2024
Description
Published by the National Vulnerability Database
Dec 23, 2022
Published to the GitHub Advisory Database
Dec 23, 2022
Reviewed
Dec 26, 2022
Last updated
Nov 19, 2024
Python Packaging Authority (PyPA) Wheel is a reference implementation of the Python wheel packaging standard. Wheel 0.37.1 and earlier are vulnerable to a Regular Expression denial of service via attacker controlled input to the wheel cli. The vulnerable regex is used to verify the validity of Wheel file names. This has been patched in version 0.38.1.
References