exploitDog

CVE-2022-43306

Опубликовано: 07 нояб. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.

Ссылки

https://github.com/dadadadada111/info/issues/11
Issue Tracking
Third Party Advisory
https://pypi.org/project/d8s-timer/
Product
https://pypi.org/project/democritus-dates/
Product
https://github.com/dadadadada111/info/issues/11
Issue Tracking
Third Party Advisory
https://pypi.org/project/d8s-timer/
Product
https://pypi.org/project/democritus-dates/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:democritus:d8s-timer:0.1.0:*:*:*:*:python:*:*

EPSS

Процентиль: 65%

0.00491

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-mxf7-mjm7-qcvc

CVSS3: 8.8

github

больше 3 лет назад

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.

EPSS

Процентиль: 65%

0.00491

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434