CVE-2022-40811 - The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor insert

CVE-2022-40811

Summary

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

References

https://pypi.org/project/democritus-file-system/
https://github.com/democritus-project/d8s-urls/issues/11

Vulnerable Configurations

cpe:2.3:a:democritus_urls_project:democritus_urls:0.1.0:*:*:*:*:python:*:*
cpe:2.3:a:democritus_urls_project:democritus_urls:0.1.0:*:*:*:*:python:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

21-09-2022 - 15:39

Published

19-09-2022 - 15:15

Last modified

21-09-2022 - 15:39