9.8
CVE-2022-32998
- EPSS 0.73%
- Veröffentlicht 24.06.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 07:07:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pypi ≫ Cryptoasset-data-downloader SwPlatformpypi Version >= 1.0.0 <= 1.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.722 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|