Lucene search

K
nvd[email protected]NVD:CVE-2022-44053
HistoryNov 07, 2022 - 3:15 p.m.

CVE-2022-44053

2022-11-0715:15:11
CWE-434
web.nvd.nist.gov
code execution
backdoor
d8s-networking
python
pypi
democritus-user-agents package
affected version

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.7%

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0.

Affected configurations

NVD
Node
democritusd8s-networkingMatch0.1.0python

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.7%

Related for NVD:CVE-2022-44053