Tag
setuptools
Safeguard articles tagged "setuptools" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Python setuptools package_index ReDoS (CVE-2022-40897)
CVE-2022-40897 is a ReDoS flaw in setuptools' package_index.py that can hang CI pipelines when parsing crafted index pages. Here's how to detect and fix it.
Dec 31, 20257 min read
Open Source Security
Python setuptools Security Considerations
setuptools is the default Python packaging backend and its security properties matter for anyone who builds, installs, or runs Python code. Here is what to watch.
Oct 5, 20237 min read