d8s-urls 0.1.0 for Python on PyPI had a code-execution backdoor via democritus-hypothesis
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
d8s-mpeg Python package v0.1.0 had a code-execution backdoor via democritus-networking
The d8s-mpeg package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
PyPI d8s-ip-addresses 0.1.0 had a code-execution backdoor via democritus-hypothesis
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
PyPI package "d8s-dates" version 0.1.0 had a code-execution backdoor via "democritus-hypothesis"
The d8s-dates package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
PyPI d8s-domains 0.1.0 had a code-execution backdoor via the democritus-hypothesis package
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
PyPI d8s-uuids 0.1.0 for Python had a code-execution backdoor via democritus-hypothesis
The d8s-uuids package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
Open redirect in python-fedora <= 0.8.0 results in CSRF protection loss
python-fedora 0.8.0 and lower is vulnerable to an open redirect, resulting in loss of CSRF protection.
Python json2xml package (through v3.12.0): typecode decoding error allows a remote denial of service
The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.
PyPI d8s-urls v0.1.0 had a code-execution backdoor via third-party-inserted code
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.
PyPI pyesasky 1.2.0-1.4.2 had a code-execution backdoor
The pyesasky package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The affected versions are 1.2.0-1.4.2.
Introducing the "VAITP dataset": a specialized repository of Python vulnerabilities and patches, meticulously compiled for the use of the security research community. As Python's prominence grows, understanding and addressing potential security vulnerabilities become crucial. Crafted by and for the cybersecurity community, this dataset offers a valuable resource for researchers, analysts, and developers to analyze and mitigate the security risks associated with Python. Through the comprehensive exploration of vulnerabilities and corresponding patches, the VAITP dataset fosters a safer and more resilient Python ecosystem, encouraging collaborative advancements in programming security.
