CVE-2022-42038: code execution backdoor · Issue #14 · democritus-project/d8s-ip-addresses
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
We discovered a potential code execution backdoor in version 0.1.0 of the project; the backdoor is the democritus-csv package. Attackers can upload democritus-csv packages containing arbitrary malicious code. For the safety of this project, the democritus-csv package has been uploaded by us.
The democritus-csv package can be successfully installed using pip install d8s-ip-addresses==0.1.0
Suggestion: remove version 0.1.0 of this project from PyPI.
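
An added example, not part of the original issue or the project's own code: a check that scans requirements-file or pip freeze lines for the d8s-ip-addresses 0.1.0 pin and for the democritus-csv dependency named above, comparing names the way PyPI does. The function names, status labels and sample lines are assumptions constructed for illustration.

```python
import re
from importlib import metadata

# Names and version come from the advisory text; nothing else is assumed about the packages.
AFFECTED_NAME, AFFECTED_VERSION = "d8s-ip-addresses", "0.1.0"
FLAGGED_DEPENDENCY = "democritus-csv"

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:===?\s*([^\s;,]+))?")

def normalize(name):
    """PEP 503: names compare case-insensitively, with runs of - _ . equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_pins(lines):
    """Scan requirements / `pip freeze` lines; return (line_no, status, text) tuples."""
    findings = []
    for line_no, raw in enumerate(lines, 1):
        text = raw.split("#", 1)[0].strip()
        match = _REQ.match(text)
        if not match:  # blank lines, comments, pip options such as -r or -e
            continue
        name, version = normalize(match.group(1)), match.group(2)
        if name == FLAGGED_DEPENDENCY:
            findings.append((line_no, "flagged-dependency", text))
        elif name == AFFECTED_NAME:
            if version == AFFECTED_VERSION:
                findings.append((line_no, "affected-version", text))
            elif version is None:  # unpinned or a range: resolver may pick 0.1.0
                findings.append((line_no, "verify-resolved-version", text))
    return findings

def installed_pins():
    """Render the current environment as name==version lines for audit_pins()."""
    return [f"{d.metadata['Name']}=={d.version}" for d in metadata.distributions()]

# Constructed sample input, not taken from a real project.
SAMPLE = [
    "requests==2.31.0",
    "D8S_IP_Addresses==0.1.0  # legacy pin",
    "democritus.csv==1.0.0",
    "d8s-ip-addresses>=0.1.0",
    "-r base.txt",
]

if __name__ == "__main__":
    for finding in audit_pins(SAMPLE) + audit_pins(installed_pins()):
        print(finding)
```

Passing installed_pins() to audit_pins() applies the same check to the interpreter's current environment instead of a file.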