exploitDog

CVE-2022-41380

Опубликовано: 11 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

Ссылки

https://github.com/democritus-project/d8s-yaml/issues/4
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/d8s-yaml/
Product
Third Party Advisory
https://pypi.org/project/democritus-file-system/
Product
Third Party Advisory
https://github.com/democritus-project/d8s-yaml/issues/4
Exploit
Issue Tracking
Third Party Advisory
https://pypi.org/project/d8s-yaml/
Product
Third Party Advisory
https://pypi.org/project/democritus-file-system/
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:democritus:d8s-yaml:0.1.0:*:*:*:*:python:*:*

EPSS

Процентиль: 74%

0.00827

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-rm8m-wpg7-4976

CVSS3: 9.8

github

больше 3 лет назад

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

EPSS

Процентиль: 74%

0.00827

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434