PT-2022-22471 · Unknown · Scu-Captcha

Di1L0O

Published

2022-07-22

Updated

2022-07-29

CVE-2022-34983

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions scu-captcha versions 0.0.1 through 0.0.4

Description The issue concerns a code execution backdoor that was inserted by a third party into the scu-captcha package. This backdoor allows for code execution, posing a significant risk.

Recommendations For versions 0.0.1 through 0.0.4, remove the scu-captcha package to prevent potential code execution by the backdoor. As a temporary workaround, consider restricting access to any functionality that utilizes the scu-captcha package until a secure alternative is implemented.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-34983

PYSEC-2022-43166

Affected Products

Scu-Captcha

PT-2022-22471 · Unknown · Scu-Captcha

CVE-2022-34983

Related Identifiers

Affected Products

References · 8