Remote Code Execution (RCE)

2022-07-2504:13:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

remote code execution

vulnerability

malicious packages

mirror sites

software

EPSS

0.002

Percentile

59.0%

JSON

bin-collection is vulnerable to remote code execution. An attacker can inject and execute malicious code through the malicious request packages as the library does not properly remove malicious packages from many mirror sites.

References

pypi.doubanio.com/simple/request

github.com/advisories/GHSA-2mxg-q6g7-4jvg

github.com/Gmiller290488/bin_collection/issues/2

pypi.org/project/bin-collection/

EPSS

0.002

Percentile

59.0%

JSON

Related for VERACODE:36460