
Update pip setuptools to 65.5.1 (CVE-2022-40897)

Moderate
AzorianMatt published GHSA-3pcw-h28g-9w3v Mar 18, 2023

Package

pip setuptools (pip)

Affected versions

<65.5.1

Patched versions

None

Description

Summary

This is a simple requirements.txt addition to fix CVE-2022-40897.

Details

CVE-2022-40897 is fixed in setuptools 65.5.1, but version 65.5.0 is being pulled in when installing the packages from requirements.txt.
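
A CI-style check for the situation described above, added here as an example (not code from the advisory or its project): it reports whether a requirements.txt forces setuptools to 65.5.1 or later. The `audit` function, its status strings, the `setuptools>=65.5.1` line and the sample files are assumptions of this example; only plain numeric versions with `==`, `>=`, `~=` or `>` are interpreted, and any other specifier is conservatively reported as allowing a vulnerable version.

```python
import re

FIXED = (65, 5, 1)  # setuptools release the advisory names as fixing CVE-2022-40897
REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
SPEC = re.compile(r"(==|>=|~=|>)\s*(\d+(?:\.\d+)*)\s*$")


def as_tuple(version):
    """'65.5.0' -> (65, 5, 0), padded so that '65.5' compares like '65.5.0'."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def lower_bound_is_fixed(specifiers):
    """True if any comma-separated clause forces a version at or above FIXED."""
    for clause in specifiers.split(","):
        m = SPEC.match(clause.strip())
        if m and as_tuple(m.group(2)) >= FIXED:
            return True
    return False


def audit(requirements_text):
    """Return 'ok', 'allows-vulnerable' or 'unconstrained' for setuptools."""
    status = "unconstrained"  # no setuptools line: whatever gets pulled in is used
    for line in requirements_text.splitlines():
        m = REQ.match(line)  # comments, blank lines and --hash lines do not match
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "setuptools":
            continue  # other packages, including setuptools-scm, are skipped
        if not lower_bound_is_fixed(m.group(2)):
            return "allows-vulnerable"
        status = "ok"
    return status


# Constructed sample files, not taken from the advisory's project.
BEFORE = """\
# application dependencies
requests==2.28.1
setuptools-scm==7.0.5
"""
AFTER = BEFORE + "setuptools>=65.5.1\n"
PINNED_OLD = BEFORE + "setuptools==65.5.0  # the pulled-in version named above\n"

if __name__ == "__main__":
    for name, text in [("before", BEFORE), ("after", AFTER), ("old pin", PINNED_OLD)]:
        print(name, "->", audit(text))
```

An `unconstrained` result matches the state the advisory describes, where nothing in requirements.txt prevents 65.5.0 from being installed.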

PoC

Below is a screenshot of the Snyk results.

Impact

No impact expected.

Severity

Moderate 5.9 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID

No known CVE

Weaknesses

No CWEs