CVE-2022-42039

Name of the Vulnerable Software and Affected Versions d8s-lists version 0.1.0

Description The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package.

Recommendations For version 0.1.0, consider removing or avoiding the use of the democritus-dicts package to prevent potential code execution. As a temporary workaround, restrict access to sensitive resources until a safe version of the package is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.