CVE-2022-44049
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0.
El d8s-python para Python, distribuido en PyPI, incluía un posible backdoor de ejecución de código insertada por un tercero. Un posible backdoor de ejecución de código insertada por terceros es el paquete democritus-grammars. La versión afectada de d8s-htm es 0.1.0.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-30 CVE Reserved
- 2022-11-07 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/dadadadada111/info/issues/13 | Issue Tracking | |
| https://pypi.org/project/d8s-python | Product | |
| https://pypi.org/project/democritus-grammars | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Democritus Search vendor "Democritus" | D8s-python Search vendor "Democritus" for product "D8s-python" | 0.1.0 Search vendor "Democritus" for product "D8s-python" and version "0.1.0" | python |
Affected
| ||||||