Description

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

Related CPE's

a

pycrowdtangle_project

pycrowdtangle

*

*

*

*

*

pypi

Vulnerable

References

http://pypi.doubanio.com/simple/request

Not Applicable

https://github.com/UPB-SS1/PyCrowdTangle/issues/1

ExploitIssue TrackingThird Party Advisory

https://pypi.org/project/PyCrowdTangle/

Product

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-07-22T15:15:08.873

2 years ago

Last modified

2022-07-29T03:13:58.140

2 years ago