EUVD-2022-0393

Malicious code in bioql PyPI...

CVE-2022-40428

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

d8s-archives (>=0.2.0 <=0.7.0), d8s-asns (>=0.2.0 <=0.7.0) +13 more potentially affected by CVE-2022-42041 via d8s-file-system (=0.10.0)

d8s-file-system PYPI version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on d8s-file-system and may be impacted: - d8s-archives =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0,...

d8s-asns (>=0.2.0 <=0.7.0), d8s-domains (>=0.2.0 <=0.6.0) +8 more potentially affected by CVE-2022-42042 via d8s-networking (>=0.3.0 <=0.4.2)

d8s-networking PYPI version =0.3.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.8.0 Source cves: CVE-2022-42042 Source advisory: OSV:PYSEC-2022-43028...

CVE-2022-40428

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

CVE-2022-40428

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

Code injection

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

PYSEC-2022-43114

The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...

CVE-2022-40428

CVE-2022-40428 affects d8s-mpeg for Python (PyPI) where a third‑party backdoor in the democritus-networking package is bundled with version 0.1.0. The established data indicates a potential arbitrary code execution backdoor, enabling code execution if the compromised package is used. Exploitation...

d8s-asns (=0.1.0), d8s-domains (=0.1.0) +8 more potentially affected by unknown CVE via democritus-json (=2021.1.2501)

democritus-json PYPI version =2021.1.2501 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-json and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 - d8s-networking =0.1.0 ...

d8s-asns (=0.1.0), d8s-domains (=0.1.0) +6 more potentially affected by unknown CVE via democritus-networking (=2023.1.22)

democritus-networking PYPI version =2023.1.22 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-networking and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 - d8s-pdfs...

Democritus Project 安全漏洞

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A security vulnerability exists in Democritus Project d8s-mpeg version 0.1.0 that originates from a potential code execution backdoor inserted by a third party...

PT-2022-25377 · Unknown +1 · Democritus-Networking +1

Name of the Vulnerable Software and Affected Versions: d8s-mpeg version 0.1.0 Description: The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. Recommendations: For version 0.1.0...