Name of the Vulnerable Software and Affected Versions d8s-xml version 0.1.0

Description The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package.

Recommendations For version 0.1.0, avoid using the democritus-strings package until a safe version of d8s-xml is available. Consider removing the democritus-strings package as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.