CVE-2022-44048 The d8s-urls for python included a backdoor inserted by a third party. This is the democritus-domains package.

It was publicly released on January 1, 2018. PyPI is a hosted service, so it is impossible to know when code was last updated. It is recommended to update PyPI packages as soon as possible.
This code-execution backdoor was found in the package d8s-htm, distributed on PyPI. When PyPI was notified, the package was removed. When d8s-htm was removed from PyPI, the d8s-urls package was also removed from PyPI.

Summary

This code-execution backdoor was found in the d8s-htm package, which was released on PyPI. When PyPI was notified, the package was removed.

Vulnerability Description

The d8s-htm package distributed on PyPI contained a malicious code execution backdoor that could be used to install additional malicious scripts in the victim’s server. The vulnerability was publicly released on January 1, 2018 and was fixed on the same day. PyPI is a hosted service, so it is impossible to know when the code was last updated. It is recommended to update packages on PyPI as soon as possible.

Timeline

Published on: 11/07/2022 15:15:00 UTC
Last modified on: 11/08/2022 17:38:00 UTC

References

• https://pypi.org/project/d8s-urls/
• https://github.com/dadadadada111/info/issues/12
• https://pypi.org/project/democritus-domains/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44048