exploitDog

CVE-2022-34053

Опубликовано: 24 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Ссылки

http://pypi.doubanio.com/simple/request
Product
https://github.com/ylliprifti/dr-web-engine/issues/4
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/dr-web-engine/
Product
http://pypi.doubanio.com/simple/request
Product
https://github.com/ylliprifti/dr-web-engine/issues/4
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/dr-web-engine/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pypi:dr-web-engine:0.2.0:b0:*:*:*:pypi:*:*

EPSS

Процентиль: 72%

0.00734

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-cwp2-chgw-mwq8

CVSS3: 9.8

github

больше 3 лет назад

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

EPSS

Процентиль: 72%

0.00734

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo