9.8
CVE-2022-40811
- EPSS 0.99%
- Veröffentlicht 19.09.2022 15:15:13
- Zuletzt bearbeitet 21.11.2024 07:22:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Democritus Urls Project ≫ Democritus Urls Version0.1.0 SwPlatformpython
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.579 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
https://github.com/democritus-project/d8s-urls/issues/11
https://pypi.org/project/democritus-file-system/