Di1L0O

**Name of the Vulnerable Software and Affected Versions** hour of code python 2015 version 520929797b9ca43bb818b2e8f963fb2025459fa3 **Description** The issue allows attackers to access sensitive user information and execute arbitrary code via a code execution backdoor in the request package, as specified in requirements.txt. **Recommendations** For hour of code python 2015 version 520929797b9ca43bb818b2e8f963fb2025459fa3, consider removing or updating the request package in requirements.txt to prevent code execution backdoors. As a temporary workaround, restrict access to sensitive user information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MvcTools version 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 **Description** The issue allows attackers to access sensitive user information and execute arbitrary code via a code execution backdoor in the request package, as specified in requirements.txt. **Recommendations** For version 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737, consider removing or updating the vulnerable request package in requirements.txt to prevent code execution. As a temporary workaround, restrict access to sensitive user information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vSphere selfuse version 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 **Description** The issue allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges via a code execution backdoor in the request package. **Recommendations** For version 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749, consider restricting access to the request package to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 **Description** The issue allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges via a code execution backdoor in the request package. **Recommendations** For Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867, consider removing or disabling the vulnerable code to prevent exploitation until a fixed version is available. As a temporary workaround, restrict access to sensitive user information and digital currency keys to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** d8s-archives version 0.1.0 **Description** The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-file-system package to mitigate the risk of code execution. As a temporary workaround, restrict access to sensitive areas of your system until a patch or a secure version of the package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-domains version 0.1.0 **Description** The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-urls package to prevent potential code execution. As a temporary workaround, restrict access to sensitive resources until a safe version of the package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-ip-addresses version 0.1.0 **Description** The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-csv package to prevent potential code execution. As a temporary workaround, consider disabling any functionality that relies on the democritus-csv package until a safe version of d8s-ip-addresses is available.

**Name of the Vulnerable Software and Affected Versions** d8s-html version 0.1.0 **Description** The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-urls package to prevent potential code execution. As a temporary workaround, restrict access to the d8s-html package until a safe version is available.

**Name of the Vulnerable Software and Affected Versions** d8s-urls version 0.1.0 **Description** The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-csv package to prevent potential code execution. As a temporary workaround, restrict access to the d8s-urls package until a safe version is available.

**Name of the Vulnerable Software and Affected Versions** d8s-asns version 0.1.0 **Description** The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-csv package to prevent potential code execution. As a temporary workaround, restrict access to the d8s-asns package until a safe version is available.

**Name of the Vulnerable Software and Affected Versions** d8s-json version 0.1.0 **Description** The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-file-system package to prevent potential code execution. As a temporary workaround, restrict access to sensitive areas of your system until a safe version of the d8s-json package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-utility version 0.1.0 **Description** The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-urls package to prevent potential code execution. As a temporary workaround, restrict access to sensitive resources until a safe version of the package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-lists version 0.1.0 **Description** The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-dicts package to prevent potential code execution. As a temporary workaround, restrict access to sensitive resources until a safe version of the package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-pdfs version 0.1.0 **Description** The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-urls package to prevent potential code execution. As a temporary workaround, consider disabling any functionality that relies on the democritus-urls package until a safe version of d8s-pdfs is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-yaml version 0.1.0 **Description** The d8s-yaml package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-file-system package, which was inserted by a third party. **Recommendations** For version 0.1.0, avoid using the d8s-yaml package until a secure version is available. As a temporary workaround, consider removing or restricting the use of the democritus-file-system package to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** d8s-utility version 0.1.0 **Description** The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-file-system package to prevent potential code execution. As a temporary workaround, restrict access to sensitive areas of your system until a safe version of the package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-asns versions 0.1.0 **Description** The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-networking package to prevent potential code execution. As a temporary workaround, restrict access to the package until a safe version is available.

**Name of the Vulnerable Software and Affected Versions** d8s-html version 0.1.0 **Description** The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-networking package to minimize the risk of code execution. As a temporary workaround, restrict access to any functionality that may be affected by the backdoor until a safe version is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** d8s-domains version 0.1.0 **Description** The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. **Recommendations** For version 0.1.0, consider removing or avoiding the use of the democritus-networking package to prevent potential code execution. As a temporary workaround, restrict access to any functionality that utilizes the democritus-networking package until a safe version is available.

**Name of the Vulnerable Software and Affected Versions** d8s-python version 0.1.0 **Description** The d8s-python package for python, distributed on PyPI, contains a potential code-execution backdoor inserted by a third party, specifically affecting the democritus-strings package. **Recommendations** For version 0.1.0, avoid using the d8s-python package until a patched version is available. As a temporary workaround, consider removing or restricting access to the democritus-strings package to minimize the risk of exploitation.