PT-2022-37371 — D8S-Networking+2

PT-2022-37371 · Pypi+1 · D8S-Networking+2

Published

2022-11-07

Updated

2022-11-07

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions d8s-networking version not specified d8s-htm version 0.1.0

Description A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python distributed on PyPI. Another affected package is democritus-json.

Recommendations For d8s-htm version 0.1.0, at the moment, there is no information about a newer version that contains a fix for this issue. For d8s-networking, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

PYSEC-2022-43108

Affected Products

D8S-Htm

D8S-Networking

Democritus-Json

Related Identifiers

Affected Products

References · 4