CVE-2022-42041

Name of the Vulnerable Software and Affected Versions d8s-file-system version 0.1.0

Description The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package.

Recommendations For version 0.1.0, consider removing or avoiding the use of the democritus-hashes package to prevent potential code execution. As a temporary workaround, restrict access to sensitive areas of the system where this package is used until a secure version is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.