PT-2022-37392 — Democritus-Uuids+2

PT-2022-37392 · Pypi · Democritus-Uuids+2

Published

2022-11-07

Updated

2022-11-07

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions d8s-strings (affected versions not specified) d8s-htm version 0.1.0

Description A potential code-execution backdoor was inserted by a third party into the d8s-strings package distributed on PyPI. Another affected package is democritus-uuids.

Recommendations For d8s-htm version 0.1.0, at the moment, there is no information about a newer version that contains a fix for this issue. For d8s-strings, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

PYSEC-2022-43129

Affected Products

D8S-Htm

D8S-Strings

Democritus-Uuids

Related Identifiers

Affected Products

References · 4