4 matches found
CVE-2022-41384
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...
d8s-asns (>=0.2.0 <=0.7.0), d8s-html (>=0.2.0 <=0.6.1) +5 more potentially affected by CVE-2022-41384 via d8s-domains (=0.6.0)
d8s-domains PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on d8s-domains and may be impacted: - d8s-asns =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-41384 Source advisory: OSV:PYSEC-2022-43023...
CVE-2022-41384
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0...
CVE-2022-41384
Summary (CVE-2022-41384) The Python PyPI package d8s-domains (version 0.1.0) was found to include a potential code‑execution backdoor introduced by a third party (the democritus-urls package). This backdoor is the stated vulnerability mechanism and is the primary cause of the CVE. The connected d...