CVE-2022-32998

Name of the Vulnerable Software and Affected Versions cryptoasset-data-downloader versions 1.0.0 through 1.0.1

Description The cryptoasset-data-downloader package was discovered to contain a code execution backdoor via the request package. This issue allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Recommendations For versions 1.0.0 through 1.0.1, consider removing or disabling the cryptoasset-data-downloader package until a patched version is available. As a temporary workaround, restrict access to sensitive user information and digital currency keys to minimize the risk of exploitation. Avoid using the request package in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.