We use cookies to improve your experience on our site.
AVID-2026-R1051
Description
Vulnerability CVE-2022-34061
Details
The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Reason for inclusion in AVID: CVE-2022-34061 describes a backdoor in the PyPI package catly-translate (versions 0.0.3–0.0.5) enabling code execution and access to sensitive data, i.e., a software supply chain vulnerability. The package is a library used in AI-related workflows (translation/NLP tooling) and could be integrated into general-purpose AI systems, making it relevant to the AI software stack. The vulnerability is clearly security/malware in nature and the report provides CVE ID plus references (NVD, GitHub issues) that substantiate the risk.
References
- NVD entry
- http://pypi.doubanio.com/simple/request
- https://pypi.org/project/catly-translate/
- https://github.com/CatNeverCodes/catly_translate/issues/1
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-06-24
- Version: 0.3.3
- AVID Entry