{"vulnerability": "cve-2022-4138", "sightings": [{"uuid": "66483ed2-c006-4a51-9605-5d480a23144f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41385", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16978", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41385\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.\n\ud83d\udccf Published: 2022-10-11T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-20T14:35:16.815Z\n\ud83d\udd17 References:\n1. https://pypi.org/project/d8s-html/\n2. https://pypi.org/project/democritus-urls/\n3. https://github.com/democritus-project/d8s-html/issues/12", "creation_timestamp": "2025-05-20T14:40:36.000000Z"}, {"uuid": "b0bb0696-bcba-42ae-8668-87945bd12ae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41384", "type": "seen", "source": "https://t.me/cibsecurity/51228", "content": "\u203c CVE-2022-41384 \u203c\n\nThe d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:19.000000Z"}, {"uuid": "a8d9392f-204c-4d1f-ae44-407b87e21783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41385", "type": "seen", "source": "https://t.me/cibsecurity/51224", "content": "\u203c CVE-2022-41385 \u203c\n\nThe d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:12.000000Z"}, {"uuid": "095166db-f0d5-426d-be16-97ac8dc44f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41386", "type": "seen", "source": "https://t.me/cibsecurity/51240", "content": "\u203c CVE-2022-41386 \u203c\n\nThe d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:35.000000Z"}, {"uuid": "9e2bc61b-3b41-45ed-9448-c8b322a0ccc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41381", "type": "seen", "source": "https://t.me/cibsecurity/51237", "content": "\u203c CVE-2022-41381 \u203c\n\nThe d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:30.000000Z"}, {"uuid": "342bc078-550d-44ac-a4b5-a97f80a15667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41383", "type": "seen", "source": "https://t.me/cibsecurity/51236", "content": "\u203c CVE-2022-41383 \u203c\n\nThe d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:29.000000Z"}, {"uuid": "6089de10-5039-42b6-849d-ad451b1af7f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41387", "type": "seen", "source": "https://t.me/cibsecurity/51235", "content": "\u203c CVE-2022-41387 \u203c\n\nThe d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:28.000000Z"}, {"uuid": "4701b55b-3f49-464e-b08a-1fd950ef334e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41382", "type": "seen", "source": "https://t.me/cibsecurity/51234", "content": "\u203c CVE-2022-41382 \u203c\n\nThe d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:27.000000Z"}]}