Pypi: Security Vulnerabilities
The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-24
The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-24
The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-24
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-24
The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-24
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-07-22
Page 2