Lucene search

[email protected]NVD:CVE-2022-40808

HistorySep 19, 2022 - 3:15 p.m.

CVE-2022-40808

2022-09-1915:15:13

[email protected]

web.nvd.nist.gov

cve-2022-40808

distributed on pypi

potential code-execution

democritus-hypothesis package

affected version 0.1.0

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.8%

JSON

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0

Affected configurations

Nvd

Node

democritus_dates_projectdemocritus_datesMatch0.1.0python

VendorProductVersionCPE
democritus_dates_projectdemocritus_dates0.1.0cpe:2.3:a:democritus_dates_project:democritus_dates:0.1.0:*:*:*:*:python:*:*

Vendor	Product	Version	CPE
democritus_dates_project	democritus_dates	0.1.0	cpe:2.3:a:democritus_dates_project:democritus_dates:0.1.0:::::python::

References

github.com/democritus-project/d8s-dates/issues/26

pypi.org/project/democritus-hypothesis/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.8%

JSON

Related for NVD:CVE-2022-40808

osv1 prion1 veracode1 cvelist1 cve1