CVE-2022-40807 The d8s domains for python included a backdoor. The backdoor is the democritus-hypothesis package.

The backdoor allows anyone with the source code to upload malicious python code to PyPI and execute it on any system that includes the PyPI package. The package was quickly removed from PyPI. The PyPI team recommends that all users upgrade to version 0.1.1, which fixes the code-execution vulnerability. An updated version of the package has been uploaded to PyPI and can be installed using pip.
The code-execution vulnerability can be exploited by an attacker by uploading malicious code to PyPI. The attacker can then run the code on any system that includes the PyPI package. The code can do anything from deleting important files to taking control of the system and installing malicious code. The vulnerability applies to any system that has the PyPI package installed.

What is PyPI?

PyPI is a package index and repository for python projects. Developers can upload their projects to PyPI, which makes it easy for other users to install them. The PyPI website is hosted on the Python Software Foundation's site.
The vulnerability allows an attacker to execute code on anyone's system that includes the package. Users are advised to update their packages as soon as possible to fix the issue.

PyPI Code Execution Vulnerability Scenario

1. The attacker would need to upload a package containing malicious code to PyPI.
2. The attacker would then have to run the malicious code on a system that includes the PyPI package installed.
3. The attacker can do anything from deleting important files to taking control of the system and installing malicious code

Description of the PyPI Code Execution Vulnerability

A code-execution vulnerability was found in certain versions of the PyPI package. This vulnerability allows anyone with the source code to upload malicious python code to a website and execute it on any system that includes the PyPI package. The package was quickly removed from PyPI, but not before more than one million packages were downloaded and used on a multitude of systems. The source code for the problematic package has been made public, showing how easy it is to exploit the vulnerability.
The vulnerability can be exploited by an attacker by uploading malicious code to PyPI. The attacker can then run the code on any system that includes the PyPI package. The code can do anything from deleting important files to taking control of the system and installing malicious code. Any system that has pip installed will have this vulnerability applied, though it is most obviously dangerous for systems that have vulnerable packages installed from PyPI.

Timeline

Published on: 09/19/2022 15:15:00 UTC
Last modified on: 09/21/2022 15:37:00 UTC

References

• https://pypi.org/project/democritus-hypothesis/
• https://github.com/democritus-project/d8s-domains/issues/8
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40807