CVE-2022-41386

Name of the Vulnerable Software and Affected Versions d8s-utility version 0.1.0

Description The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package.

Recommendations For version 0.1.0, consider removing or avoiding the use of the democritus-urls package to prevent potential code execution. As a temporary workaround, restrict access to sensitive resources until a safe version of the package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.