Description

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

Related CPE's

a

pycrowdtangle_project

pycrowdtangle

*

*

*

*

*

pypi

Vulnerable

References

http://pypi.doubanio.com/simple/request

Not Applicable

https://github.com/UPB-SS1/PyCrowdTangle/issues/1

ExploitIssue TrackingThird Party Advisory

https://pypi.org/project/PyCrowdTangle/

Product

http://pypi.doubanio.com/simple/request

Not Applicable

https://github.com/UPB-SS1/PyCrowdTangle/issues/1

ExploitIssue TrackingThird Party Advisory

https://pypi.org/project/PyCrowdTangle/

Product

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-07-22T13:15:08.873Z

3 years ago

Last modified

2024-11-21T06:10:31.540Z

1 year ago