The d8s-xml package for Python, as distributed on PyPI,...
Critical severity
Unreviewed
Published
Oct 12, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Oct 11, 2022
Published to the GitHub Advisory Database
Oct 12, 2022
Last updated
Jan 27, 2023
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.
References