{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36272?format=json","vulnerability_id":"VCID-q998-9r1w-r7h9","summary":"The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.","aliases":[{"alias":"CVE-2022-41387"},{"alias":"PYSEC-2022-43029"},{"alias":"PYSEC-2022-43050"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://github.com/democritus-project/d8s-pdfs/issues/7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/democritus-project/d8s-pdfs/issues/7"},{"reference_url":"https://pypi.org/project/d8s-pdfs/","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.org/project/d8s-pdfs/"},{"reference_url":"https://pypi.org/project/democritus-urls/","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.org/project/democritus-urls/"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q998-9r1w-r7h9"}