exploitDog

CVE-2022-33000

Опубликовано: 24 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Ссылки

http://pypi.doubanio.com/simple/request
Product
https://github.com/bOrionis/mls/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/ml-scanner/
Product
http://pypi.doubanio.com/simple/request
Product
https://github.com/bOrionis/mls/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/ml-scanner/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pypi:ml-scanner:*:*:*:*:*:pypi:*:*

Версия от 0.1.0 (включая) до 0.1.5 (включая)

EPSS

Процентиль: 63%

0.00439

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c9gf-78w6-hr62

CVSS3: 9.8

github

больше 3 лет назад

The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

EPSS

Процентиль: 63%

0.00439

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo