Lucene search

[email protected]CVE-2022-34983

HistoryJul 22, 2022 - 3:15 p.m.

CVE-2022-34983

2022-07-2215:15:08

[email protected]

web.nvd.nist.gov

cve-2022-34983

scu-captcha

pypi

code execution

backdoor

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.

Affected configurations

NVD

Node

scu-captcha_projectscu-captchaRange0.0.1–0.0.4pypi

CPENameOperatorVersion
scu-captcha_project:scu-captchascu-captcha project scu-captchale0.0.4

CPE	Name	Operator	Version
scu-captcha_project:scu-captcha	scu-captcha project scu-captcha	le	0.0.4

References

pypi.doubanio.com/simple/request

github.com/SunnyHaze/SCU-Captcha/issues/1

pypi.org/project/scu-captcha/

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for CVE-2022-34983

prion1 cvelist1 veracode1 nvd1