PT-2022-37359 — Democritus-Dates+2

PT-2022-37359 · Unknown+2 · Democritus-Dates+2

Published

2022-11-07

Updated

2022-11-07

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions d8s-timer version not specified d8s-htm version 0.1.0

Description A potential code-execution backdoor was inserted by a third party in the d8s-timer for python distributed on PyPI. Another affected package is democritus-dates.

Recommendations For d8s-htm version 0.1.0, at the moment, there is no information about a newer version that contains a fix for this issue. For d8s-timer, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

PYSEC-2022-43096

Affected Products

D8S-Htm

D8S-Timer

Democritus-Dates

Related Identifiers

Affected Products

References · 4