PT-2022-3395 · Pypi+1 · Request+1

Di1L0O

Published

2022-06-08

Updated

2022-06-15

CVE-2022-30882

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions pyanxdns version 0.2

Description The issue is related to the presence of a malicious dependency request in the pyanxdns package. This allows a remote attacker to execute arbitrary code. When the pyanxdns package version 0.2 is installed, the request package is also installed, leading to the vulnerability.

Recommendations For pyanxdns version 0.2, consider uninstalling the request package to mitigate the risk of code execution. As a temporary workaround, avoid using the pyanxdns package until a patched version is available.

Exploit

Fix

Hidden Functionality

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-912

Related Identifiers

BDU:2022-04167

CVE-2022-30882

Affected Products

Pyanxdns

Request

PT-2022-3395 · Pypi+1 · Request+1

CVE-2022-30882

Weakness Enumeration

Related Identifiers

Affected Products

References · 11