CVE-2022-31313: Backdoor in api-res-py
9.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.6897%
CWE
-
Published
6/9/2022
Updated
11/21/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
api-res-py | pip | <= 0.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information indicates the vulnerability stems from a backdoor in the 'request' package dependency used by api-res-py, but no specific functions within the api-res-py codebase are explicitly identified. The advisory lacks code samples, commit diffs, or detailed technical descriptions of the vulnerable implementation. While the malicious behavior likely resides in the dependency's code (e.g., in the 'request' package's internal functions), there is insufficient evidence to pinpoint specific functions/modules within the api-res-py package itself with high confidence. The absence of patched versions or GitHub repository analysis further limits actionable insights.