We use cookies to improve your experience on our site.
AVID-2026-R1163
Description
Vulnerability CVE-2022-42044
Details
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.
Reason for inclusion in AVID: This CVE describes a backdoored Python package (d8s-asns) with a code execution backdoor (democritus-html) distributed on PyPI. It constitutes a software supply-chain vulnerability in a Python dependency that could be pulled into AI software stacks (dependencies, runtimes, packaging, deployment) used to build/train/deploy AI systems. Therefore it is AI-related and relevant to the GP AI supply chain. The vulnerability is clearly security-related (potential code execution), and the report provides explicit evidence (CVE entry, references to PyPI packages).
References
- NVD entry
- https://pypi.org/project/d8s-asns/
- https://pypi.org/project/democritus-html/
- https://github.com/dadadadada111/info/issues/4
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-10-11
- Version: 0.3.3
- AVID Entry