
CVE-2022-31313: Backdoor in api-res-py

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.6897%
CWE: -
Published: 6/9/2022
Updated: 11/21/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: api-res-py
Ecosystem: pip
Vulnerable Versions: <= 0.1
First Patched Version: (none listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided information indicates the vulnerability stems from a backdoor in the 'request' package dependency used by api-res-py, but no specific functions within the api-res-py codebase are explicitly identified. The advisory lacks code samples, commit diffs, or detailed technical descriptions of the vulnerable implementation. While the malicious behavior likely resides in the dependency's code (e.g., in the 'request' package's internal functions), there is insufficient evidence to pinpoint specific functions/modules within the api-res-py package itself with high confidence. The absence of patched versions or GitHub repository analysis further limits actionable insights.


WAF Protection Rules

WAF Rule

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.
