GitHub Advisory DatabaseGHSA-57QV-H9M7-JXFGCode-execution backdoor in marcador
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.7%
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
Affected configurations
References
pypi.doubanio.com/simple/request
github.com/advisories/GHSA-57qv-h9m7-jxfg
github.com/joajfreitas/marcador/commit/84d84549c6c6d765abc9243ac7e85d810f32d6e7
github.com/joajfreitas/marcador/issues/5
github.com/pypa/advisory-database/tree/main/vulns/marcador/PYSEC-2022-185.yaml
nvd.nist.gov/vuln/detail/CVE-2022-28470
pypi.org/project/marcador/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.7%