diff --git a/index.html b/index.html
index 49bcb7b..3aa65e0 100644
--- a/index.html
+++ b/index.html
@@ -51,7 +51,7 @@ } a.toggle-more-links { cursor: pointer; } -
rocky | |||||
---|---|---|---|---|---|
No Vulnerabilities found | 39.2.0 | 65.5.1 | + https://access.redhat.com/security/cve/CVE-2022-40897 https://github.com/advisories/GHSA-r9hx-vwmv-q579 https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
diff --git a/trivy-results.sarif b/trivy-results.sarif
index 52a32d5..77db716 100644
--- a/trivy-results.sarif
+++ b/trivy-results.sarif
@@ -13,7 +13,7 @@
 "id": "CVE-2022-40897",
 "name": "LanguageSpecificPackageVulnerability",
 "shortDescription": {
- "text": "CVE-2022-40897 affecting package python-setuptools 40.2.0-6"
+ "text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
 },
 "fullDescription": {
 "text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py." |