
CVE-2022-42042: d8s-networking

The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.
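As an added example (not part of the advisory or the d8s project's code), the following checks an inventory of Python distributions for the package names and version given in the description above. The sample inventory is constructed, and it is an assumption that democritus-hashes would show up as a declared dependency (a Requires-Dist entry).

```python
import re
from importlib import metadata

# Names and version come from the CVE-2022-42042 description above.
AFFECTED_NAME, AFFECTED_VERSION = "d8s-networking", "0.1.0"
BACKDOOR_NAME = "democritus-hashes"

# Constructed inventory for illustration: (name, version, Requires-Dist entries).
SAMPLE = [
    ("d8s_networking", "0.1.0", ["requests", "democritus_hashes"]),
    ("requests", "2.31.0", ["urllib3 (<3,>=1.21.1)"]),
    ("Democritus.Hashes", "1.0.0", []),
]


def normalize(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req):
    """Project name from a requirement string such as 'foo (>=1.0) ; extra == "x"'."""
    match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    return normalize(match.group(1)) if match else ""


def audit(dists):
    """Return (name, version, reason) for every distribution that needs attention."""
    findings = []
    for name, version, requires in dists:
        norm = normalize(name)
        if norm == BACKDOOR_NAME:
            findings.append((name, version, "is the package named as the backdoor"))
        elif norm == AFFECTED_NAME and version == AFFECTED_VERSION:
            findings.append((name, version, "is the affected release"))
        if any(requirement_name(r) == BACKDOOR_NAME for r in requires or []):
            findings.append((name, version, "declares a dependency on " + BACKDOOR_NAME))
    return findings


def installed_dists():
    """Yield (name, version, requires) for each distribution in this environment."""
    for dist in metadata.distributions():
        if dist.metadata["Name"]:
            yield dist.metadata["Name"], dist.version, dist.requires or []


if __name__ == "__main__":
    for name, version, reason in audit(installed_dists()):
        print(f"{name}=={version}: {reason}")
```

Run as a script, it audits the current interpreter's environment; `audit(SAMPLE)` shows the three kinds of finding on the constructed data.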


Project description

Democritus Networking

Democritus functions[1] for working with network requests.

[1] Democritus functions are simple, effective, modular, well-tested, and well-documented Python functions.

We use d8s as an abbreviation for democritus (you can read more about this here).

Functions

  • def requests_basic_auth(user, password): """Return an instance of request's basic auth."""

  • def get(url, *, use_common_user_agent: bool = True, process_response: bool = False, process_response_as_bytes: bool = False, **request_kwargs): """Make a GET request to the given URL."""

  • def head(url, *, process_response: bool = False, **kwargs): """Make a head request."""

  • def post(url, *, update_headers_for_datatype: bool = True, process_response: bool = False, process_response_as_bytes: bool = False, **request_kwargs): """Make a POST request to the given URL with the given data."""

  • def headers_update(headers: Dict[str, str], new_header_key: str, new_header_value: Any, *, overwrite: bool = True): """."""

  • def put(url, *, update_headers_for_datatype: bool = True, process_response: bool = False, process_response_as_bytes: bool = False, **request_kwargs): """Make a PUT request to the given URL with the given data."""

  • def delete(url, *, process_response: bool = False, process_response_as_bytes: bool = False, **request_kwargs): """Make a DELETE request to the given URL with the given data."""

  • def url_hash(url, hash_type='sha256'): """Return the hash of the url."""

  • def urllib3_backoff_factor_executions(backoff_factor: float, number_of_requests: int): """Return the times (in seconds) of the first n requests with the given backoff_factor. See https://urllib3.readthedocs.io/en/latest/reference/index.html#urllib3.Retry under the "backoff_factor" argument."""

Development

👋 If you want to get involved in this project, we have some short, helpful guides below:

  • contribute to this project 🥇
  • test it 🧪
  • lint it 🧹
  • explore it 🔭

If you have any questions or there is anything we did not cover, please raise an issue and we’ll be happy to help.

Credits

This package was created with Cookiecutter and Floyd Hightower’s Python project template.
