CVE-2022-28470
First published: Sun May 08 2022(Updated: )
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python PyPI | >=0.1<=0.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the marcador package in PyPI?
The vulnerability ID of the marcador package in PyPI is CVE-2022-28470.
What is the severity of CVE-2022-28470?
The severity of CVE-2022-28470 is critical with a severity value of 9.8.
What is the affected software by CVE-2022-28470?
The affected software is the marcador package in PyPI versions 0.1 through 0.13.
Is there a code-execution backdoor in the marcador package?
Yes, the marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
How can I obtain more information about CVE-2022-28470?
You can find more information about CVE-2022-28470 on the following references: - http://pypi.doubanio.com/simple/request - https://github.com/joajfreitas/marcador/issues/5 - https://pypi.org/project/marcador/
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/python
- canonical/python pypi
- version/python pypi/0.1
- version/python pypi/0.13