Python Packaging Authority · Setuptools · CVE-2022-40897
**Name of the Vulnerable Software and Affected Versions**
Python Packaging Authority (PyPA) setuptools versions 65.3.0 through 65.5.0
**Description**
The issue stems from insufficient input validation when setuptools processes HTML content, allowing remote attackers to cause a denial of service via crafted HTML in a package or a custom PackageIndex page. The root cause is a Regular Expression Denial of Service (ReDoS) in `package_index.py`: a regular expression used to parse index pages backtracks excessively on specially crafted input, so a client that fetches and parses such a page stalls, resulting in a denial of service.
**Recommendations**
For versions 65.3.0 through 65.5.0, update to version 65.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `package_index` module to minimize the risk of exploitation, and avoid using the vulnerable regular expression in `package_index.py` until you can upgrade.
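As an added example (not code from this advisory or from setuptools), the block below illustrates the bug class and the usual fix with two constructed regexes of the same shape as an index-page attribute scanner, one with unbounded whitespace and one with capped quantifiers, and adds a check of a version string against the affected range stated above. The pattern names, the `growth_ratio` harness and the sample HTML are assumptions made for the example.

```python
import re
import time

# Constructed for this example: an unbounded and a bounded variant of the
# kind of '<tag ... rel=value ...>' scanner an index-page parser uses.
# They illustrate the bug class; they are not copied from setuptools.
UNBOUNDED_REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
# Hardened form: whitespace runs are capped and the value cannot absorb
# spaces, so an unterminated tag cannot drive polynomial backtracking.
BOUNDED_REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)

# Affected range as stated in the advisory; fixed in 65.5.1.
AFFECTED_MIN, FIXED = (65, 3, 0), (65, 5, 1)

def rel_value(pattern, html):
    """Return the rel attribute value found by `pattern`, or None."""
    m = pattern.search(html)
    return m.group(2) if m else None

def is_affected(version):
    """True if a plain X.Y.Z setuptools version string is in the range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return AFFECTED_MIN <= parts < FIXED

def time_scan(pattern, html):
    """Seconds spent scanning `html` with `pattern`."""
    start = time.perf_counter()
    pattern.search(html)
    return time.perf_counter() - start

def growth_ratio(pattern, n):
    """Scan-time ratio when an unterminated tag doubles from n to 2n
    trailing spaces: about 2 is linear, much more is superlinear."""
    small = "<a rel=" + " " * n
    large = "<a rel=" + " " * (2 * n)
    return time_scan(pattern, large) / max(time_scan(pattern, small), 1e-9)

if __name__ == "__main__":
    benign = '<a href="/simple/pkg/" rel="internal">pkg</a>'
    print(rel_value(UNBOUNDED_REL, benign), rel_value(BOUNDED_REL, benign))
    for label, pat in (("unbounded", UNBOUNDED_REL), ("bounded", BOUNDED_REL)):
        print(label, "growth ratio:", round(growth_ratio(pat, 200), 1))
    print("65.5.0 affected:", is_affected("65.5.0"), "| 65.5.1:", is_affected("65.5.1"))
```

Both patterns extract the same value from well-formed HTML; the difference only shows on malformed input, which is why a doubling-ratio check like `growth_ratio` belongs in review of any regex that parses untrusted markup.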