PT-2020-21574 · Unknown · Pizza-Pasta

Published: 2020-09-03 · Updated: 2020-09-03

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

pizza-pasta version 1.0.3

Description

The issue concerns malicious code embedded in the install scripts of the affected software. This code creates folders on the system's Desktop and downloads an image from imgur.com. Furthermore, it prints the user's SSH keys to the console. There is no evidence of further compromise.

Recommendations

Remove the package from your environment.

Fix

RCE


Weakness Enumeration

Related Identifiers

GHSA-WXRM-2H86-V95F

Affected Products

Pizza-Pasta