Headline
CVE-2022-44049: code execution backdoor · Issue #13 · dadadadada111/info
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0.
We discovered a potential code execution backdoor in version 0.1.0 of the project, the backdoor is the democritus-grammars package. Attackers can upload democritus-grammars packages containing arbitrary malicious code. For the safety of this project, the democritus-grammars package has been uploaded by us.
The democritus-grammars package can be successfully installed using pip install d8s-python==0.1.0
Suggestion: remove version 0.1.0 of this project in PyPI
PyPI address: https://pypi.org/project/d8s-python/
Homepage address: https://github.com/democritus-project/d8s-python