CVE-2022-30885

Опубликовано: 24 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.

Ссылки

http://pypi.doubanio.com/simple/request
Third Party Advisory
https://github.com/esdc-esac-esa-int/pyesasky/issues/39
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/pyesasky/
Product
Third Party Advisory
http://pypi.doubanio.com/simple/request
Third Party Advisory
https://github.com/esdc-esac-esa-int/pyesasky/issues/39
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/pyesasky/
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esa:pyesasky:*:*:*:*:*:python:*:*

Версия от 1.2.0 (включая) до 1.4.2 (включая)

EPSS

Процентиль: 77%

0.0102

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-h34f-j9mf-ghj4

github

больше 3 лет назад

** Reserved ** The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.