Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-40810: code execution backdoor · Issue #13 · democritus-project/d8s-ip-addresses

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0

CVE
#backdoor

We discovered a potential code execution backdoor in version 0.1.0 of the project, the backdoor is the democritus-hypothesis package. Attackers can upload democritus-hypothesis packages containing arbitrary malicious code. For the safety of this project, the democritus-hypothesis package has been uploaded by us.

The democritus-hypothesis package can be successfully installed using pip install d8s-ip-addresses==0.1.0

Suggestion: remove version 0.1.0 of this project in PyPI

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907