Safety vulnerability ID: 51499
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Wheel 0.38.1 includes a fix for CVE-2022-40898: an issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
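One way to find `wheel` pins that fall below the fixed release named above, as an added example that is not part of the original advisory or of the wheel project. The requirements-file input format, the status labels and the function names are assumptions, and the sample input is constructed.

```python
import re

FIXED_IN = (0, 38, 1)  # release this advisory names as including the fix

# Requirement line for the "wheel" project only (not e.g. "wheelhouse"),
# stopping before any environment marker or trailing comment.
REQ_RE = re.compile(r"^\s*wheel(?![\w.-])\s*(?P<spec>[^;#]*)", re.IGNORECASE)
PIN_RE = re.compile(r"^==\s*(?P<ver>\d+(?:\.\d+)*)$")


def classify(spec):
    """Return 'below-fix', 'fixed', or 'review' for one version specifier."""
    pin = PIN_RE.match(spec)
    if not pin:
        # Ranges, pre-releases and bare names depend on what the resolver picks.
        return "review"
    release = tuple(int(part) for part in pin.group("ver").split("."))
    return "fixed" if release >= FIXED_IN else "below-fix"


def audit(text):
    """Return (line_number, specifier, status) for each wheel requirement."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        req = REQ_RE.match(line)
        if req:
            spec = req.group("spec").strip()
            findings.append((number, spec, classify(spec)))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = '''\
# constructed sample requirements file
requests==2.31.0
wheel==0.37.1
Wheel == 0.38.1  # exact fixed release
wheel>=0.30
wheelhouse==1.0
wheel==0.38.0 ; python_version >= "3.7"
'''

if __name__ == "__main__":
    for number, spec, status in audit(SAMPLE):
        print(f"line {number}: wheel {spec} -> {status}")
```

Lines reported as `review` are not exact pins, so the installed version has to be confirmed in the target environment.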
Latest version: 0.44.0
A built-package format for Python
- Dropped support for Python < 3.7
- Updated vendored ``packaging`` to 21.3
- Replaced all uses of ``distutils`` with ``setuptools``
- The handling of ``license_files`` (including glob patterns and default
values) is now delegated to ``setuptools>=57.0.0`` (466).
The package dependencies were updated to reflect this change.
- Fixed potential DoS attack via the ``WHEEL_INFO_RE`` regular expression
- Fixed ``ValueError: ZIP does not support timestamps before 1980`` when using
``SOURCE_DATE_EPOCH=0`` or when on-disk timestamps are earlier than 1980-01-01. Such
timestamps are now changed to the minimum value before packaging.