exploitDog

CVE-2022-33002

Опубликовано: 24 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Ссылки

http://pypi.doubanio.com/simple/request
Product
https://github.com/smoothnlp/KGExplore/issues/13
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/kgexplore/
Product
http://pypi.doubanio.com/simple/request
Product
https://github.com/smoothnlp/KGExplore/issues/13
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/kgexplore/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pypi:explore:*:*:*:*:*:pypi:*:*

Версия от 0.1.1 (включая) до 0.1.2 (включая)

EPSS

Процентиль: 72%

0.00734

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7f6x-rh8w-mv5h

CVSS3: 9.8

github

больше 3 лет назад

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

EPSS

Процентиль: 72%

0.00734

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo