There are probably hundreds of other packages on PyPI, so there is no way to be sure that every affected version has been checked.

The d8s-dicts package for Python is published under the MIT license. This license allows anyone to make changes to the code without having to open an issue or submit a pull request, so the d8s-dicts code can be altered and republished by anyone.

When the d8s-dicts package was first published, users had no way to check the code. This means there was no way for users to know whether a change was made by a malicious party or by somebody who simply wanted to improve the code.

How to check if your version is vulnerable

If you are using the d8s-dicts package for Python and want to check whether your version is vulnerable, run the following command.

python -m d8s.examples.dicts.dicttree [-h] [-f] [-d

How to check if a PyPI package is affected by the CVE

1. Use the command line to check if a package is affected by the CVE.

$ sqlite3 /tmp/pyi.db "SELECT VERSION FROM packages WHERE package='d8s-dicts'" | sed 's/"//g' | awk '{ print $1 }'

2. Use the command line to check if a package is affected by the CVE on pypi.org.

$ PACKAGE=d8s-dicts
$ wget -O tarball-latest "https://pypi.python.org/pypi/$PACKAGE/tarball" && tar xf tarball-latest && rm tarball-latest
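Downloading the sdist only helps if you can tell whether what you got is what the index recorded. The script below is an added example, not code from the d8s-dicts project: it reads the release metadata in the shape returned by PyPI's JSON API (https://pypi.org/pypi/<name>/json), verifies a downloaded sdist's SHA-256 against the digest recorded for that version, and reports the installed version from distribution metadata. The JSON and tarball bytes are constructed samples; the digest is derived from them and is not a real d8s-dicts hash.

```python
"""Verify a downloaded sdist against the digest PyPI records for the release,
and report which version of the package is installed locally.

Added example, not part of the d8s-dicts project. SAMPLE_API_JSON is a
constructed stand-in for https://pypi.org/pypi/d8s-dicts/json with only the
fields this script uses; SAMPLE_SDIST_BYTES stands in for a downloaded tarball.
"""
import hashlib
import json
from importlib import metadata
from typing import Optional

PACKAGE = "d8s-dicts"

# Constructed sample input (not real d8s-dicts content or hashes).
SAMPLE_SDIST_BYTES = b"constructed sdist contents, not a real tarball\n"
SAMPLE_API_JSON = json.dumps({
    "info": {"name": PACKAGE, "version": "0.1.0"},
    "releases": {
        "0.1.0": [{
            "filename": "d8s_dicts-0.1.0.tar.gz",
            "packagetype": "sdist",
            "digests": {"sha256": hashlib.sha256(SAMPLE_SDIST_BYTES).hexdigest()},
        }],
    },
})


def recorded_sdist_digest(api_json: str, version: str) -> Optional[str]:
    """Return the sha256 the index records for the sdist of `version`, else None."""
    releases = json.loads(api_json).get("releases", {})
    for file_info in releases.get(version, []):
        if file_info.get("packagetype") == "sdist":
            return file_info["digests"]["sha256"]
    return None


def sdist_matches(data: bytes, api_json: str, version: str) -> bool:
    """True only if `data` hashes to the digest recorded for `version`."""
    expected = recorded_sdist_digest(api_json, version)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


def installed_version(dist_name: str = PACKAGE) -> Optional[str]:
    """Installed version from distribution metadata, or None if not installed."""
    try:
        return metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    print("installed version:", installed_version())
    print("sdist matches index digest:", sdist_matches(SAMPLE_SDIST_BYTES, SAMPLE_API_JSON, "0.1.0"))
```

Against a real download, replace SAMPLE_API_JSON with the fetched JSON text and SAMPLE_SDIST_BYTES with the tarball's bytes; a mismatch means the file is not the one the index recorded and should not be installed.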

Timeline

Published on: 09/19/2022 16:15:00 UTC
Last modified on: 09/21/2022 23:08:00 UTC

References