We use cookies to improve your experience on our site.
AVID-2026-R1057
Description
Vulnerability CVE-2022-34982
Details
The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.
Reason for inclusion in AVID: CVE-2022-34982 describes a code execution backdoor in a PyPI Python package (eziod) prior to v0.0.1. This constitutes a software supply chain vulnerability since a dependency in AI/ML software stacks could be compromised, enabling code execution. The issue is in a package used in software supply chains (Python dependencies), not hardware/firmware. It is clearly a security vulnerability with public references (NVD, GitHub issue). Therefore it meets AVID criteria for AI-related, GPAI supply chain, security risk, with sufficient evidence.
References
- NVD entry
- http://pypi.doubanio.com/simple/request
- https://pypi.org/project/eziod/
- https://github.com/alexw994/eziod/issues/1
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-07-22
- Version: 0.3.3
- AVID Entry