PT-2022-24570 · Pypi · Exotel
Anroots-Two · Published 2022-08-27 · Updated 2022-09-01 · CVE-2022-38792
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
exotel (aka exotel-py) version 0.1.6
Description
The exotel package on PyPI includes a code execution backdoor inserted by a third party. The backdoor allows code execution, which poses a significant security risk wherever the affected version is installed.
Recommendations
For version 0.1.6, downgrade to version 0.1.5 to avoid the problem.
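To find where the affected release is pinned or could still be resolved, the following added example (not part of the original advisory or of the exotel project) scans requirements-style lines and checks the installed distribution. It assumes the distribution name is `exotel` as the advisory states; the function names and the sample lines are constructed for illustration.

```python
import re
from importlib import metadata

AFFECTED_NAME = "exotel"    # PyPI distribution named in the advisory
AFFECTED_VERSION = "0.1.6"  # backdoored release per the advisory

# Name, optional [extras], then the specifier up to an env marker or comment.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#]*)")

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(line):
    """Return 'affected', 'ok', 'review', or None for a non-exotel line."""
    m = REQ_RE.match(line)
    if not m or normalize(m.group(1)) != AFFECTED_NAME:
        return None
    spec = re.sub(r"\s+", "", m.group(2).split("--hash")[0])
    pin = re.fullmatch(r"===?([^,*]+)", spec)
    if pin:
        return "affected" if pin.group(1) == AFFECTED_VERSION else "ok"
    # No pin, a range, or a wildcard: the resolver may still pick 0.1.6.
    return "review"

def scan(lines):
    """Return (line_number, verdict, text) for each exotel requirement."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict, line.strip()))
    return hits

def installed_is_affected():
    """True if exotel 0.1.6 is installed in the current environment."""
    try:
        return metadata.version(AFFECTED_NAME) == AFFECTED_VERSION
    except metadata.PackageNotFoundError:
        return False

# Constructed sample requirements file, not taken from any real project.
SAMPLE = ["requests==2.28.1", "# exotel==0.1.6 (old pin)",
          "Exotel == 0.1.6  # current pin", "exotel>=0.1.5"]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
    print("installed copy affected:", installed_is_affected())
```

A "review" verdict means the line does not exclude 0.1.6, so the pin should be tightened to 0.1.5 as recommended above.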
Fix
Related Identifiers
Affected Products
Exotel