PT-2022-22182 · Pypi · Bin-Collect

Di1L0O

Published

2022-07-22

Updated

2022-07-29

CVE-2022-34500

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions bin-collect versions prior to 0.1

Description The issue concerns a code execution backdoor that was inserted by a third party into the bin-collect package available in PyPI. This backdoor allows for the execution of arbitrary code, posing a significant security risk.

Recommendations For versions prior to 0.1, update to version 0.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the bin-collect package until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-34500

Affected Products

Bin-Collect

PT-2022-22182 · Pypi · Bin-Collect

CVE-2022-34500

Related Identifiers

Affected Products

References · 8