We use cookies to improve your experience on our site.
AVID-2026-R1165
Description
Vulnerability CVE-2022-44054
Details
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0.
Reason for inclusion in AVID: CVE-2022-44054 describes a code-execution backdoor inserted into a Python PyPI package (d8s-xml) via a third party, indicating a software supply chain compromise. Such a vulnerability resides in a general-purpose software artifact that could be used in AI pipelines and infrastructure, making it relevant to the supply chain of general-purpose AI systems. It involves a security/safety vulnerability (RCE/backdoor) and is supported by CVE/NVD references in the report.
References
- NVD entry
- https://pypi.org/project/d8s-xml/
- https://pypi.org/project/democritus-utility/
- https://github.com/dadadadada111/info/issues/18
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2022-11-07
- Version: 0.3.3
- AVID Entry