Advisory details:
pysec_importer_v2 / PYSEC-2022-43066
| Advisory ID | pysec_importer_v2/PYSEC-2022-43066 |
| Aliases | |
| Summary | The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 0.0 |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| cvssv3.1 | 9.8 | None |
| Reference id | Reference type | URL |
|---|---|---|
| http://pypi.doubanio.com/simple/request | ||
| https://github.com/bOrionis/AAmiles/issues/1 | ||
| https://pypi.org/project/AAmiles/ |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
No EPSS data available for this advisory.