AVID-2026-R1162
Description
Vulnerability CVE-2022-42042
Details
The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.
Reason for inclusion in AVID: CVE-2022-42042 describes a backdoor injection in the PyPI d8s-networking package via a third-party package (democritus-hashes) enabling code execution. As a Python dependency, it is a software supply-chain vulnerability that could impact AI software stacks that rely on Python packages for networking and infrastructure. The report provides credible signals (NVD entry, PyPI pages, issue thread). Therefore it should be kept for AVID curation as a vulnerability in the general-purpose AI systems supply chain.
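A check for the condition described in the Details above, as an added example that is not part of the AVID entry or of either package: it audits a Python environment for d8s-networking 0.1.0, for democritus-hashes itself, and for any distribution that declares democritus-hashes as a dependency. The declared-dependency check and the `SAMPLE` inventory are assumptions made for illustration; only the package names and the affected version come from the advisory.

```python
import re
from importlib import metadata

# Names and version taken from the advisory text.
AFFECTED = ("d8s-networking", "0.1.0")
BACKDOOR = "democritus-hashes"

# Constructed sample inventory (not real scan output): (name, version, Requires-Dist).
SAMPLE = [
    ("D8S_Networking", "0.1.0", ["democritus_hashes (>=0.1)", "requests"]),
    ("democritus.hashes", "0.1.0", []),
    ("requests", "2.31.0", ["urllib3<3,>=1.21.1"]),
]


def normalize(name):
    """PEP 503 normalization, so d8s_networking and D8S.Networking both match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req):
    """Project name from a Requires-Dist string (drops specifiers, extras, markers)."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    return normalize(m.group(1)) if m else ""


def audit(dists):
    """Return sorted (name, version, reason) findings for an inventory."""
    findings = []
    for name, version, requires in dists:
        n = normalize(name)
        if n == BACKDOOR:
            findings.append((n, version, "backdoor package installed"))
        elif (n, version) == AFFECTED:
            findings.append((n, version, "affected version installed"))
        # Assumption: the backdoor package arrives as a declared dependency.
        if any(requirement_name(r) == BACKDOOR for r in requires):
            findings.append((n, version, "declares dependency on " + BACKDOOR))
    return sorted(findings)


def installed():
    """Yield (name, version, requires) for every distribution in this environment."""
    for d in metadata.distributions():
        name = d.metadata.get("Name")
        if name:  # skip directories with broken metadata
            yield name, d.metadata.get("Version", ""), d.requires or []


if __name__ == "__main__":
    for name, version, reason in audit(installed()):
        print(f"{name}=={version}: {reason}")
```

Run it with the interpreter of each virtual environment or container image to be checked, since `importlib.metadata` only sees the environment it runs in.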
References
- NVD entry
- https://pypi.org/project/democritus-hashes/
- https://pypi.org/project/d8s-networking/
- https://github.com/dadadadada111/info/issues/3
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-10-11
- Version: 0.3.3
- AVID Entry