VulnerableCode Advisory Details - pypi/aamiles/CVE-2022-33001

Advisory details: gitlab_importer_v2 / pypi/aamiles/CVE-2022-33001

Essentials
Severities (0)
References (4)
Severity details (0)
Exploits (0)
EPSS

Advisory ID	gitlab_importer_v2/pypi/aamiles/CVE-2022-33001
Aliases	CVE-2022-33001
Summary	Inclusion of Functionality from Untrusted Control Sphere (Malicious Dependency) The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-829	Inclusion of Functionality from Untrusted Control Sphere
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://pypi.doubanio.com/simple/request
		https://github.com/bOrionis/AAmiles/issues/1
		https://pypi.org/project/AAmiles/
CVE-2022-33001		https://nvd.nist.gov/vuln/detail/CVE-2022-33001

No exploits are available.

There are no known vectors.

No EPSS data available for this advisory.