Lucene search

K
nvd[email protected]NVD:CVE-2022-46609
HistoryDec 14, 2022 - 3:15 p.m.

CVE-2022-46609

2022-12-1415:15:10
web.nvd.nist.gov
2
python3-restfulapi
backdoor
code execution
vulnerability
request package
sensitive user information
digital currency keys
escalate privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.5%

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Affected configurations

Nvd
Node
python3-restfulapi_projectpython3-restfulapiMatch-
VendorProductVersionCPE
python3-restfulapi_projectpython3-restfulapi-cpe:2.3:a:python3-restfulapi_project:python3-restfulapi:-:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.5%

Related for NVD:CVE-2022-46609