GSD-2022-1002521

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002521.json
Published
2022-05-24T16:49:59.126662Z
Modified
2022-05-24T16:49:59.126662Z
Details

In PyPI ctx versions 0.1.2-1, 0.1.2-2, 0.1.4, 0.2, 0.2.1, 0.2.2, 0.2.2.1, 0.2.3, 0.2.4, 0.2.5 and 0.2.6, a backdoor exists in the ctx package that can be attacked via a malicious package update, resulting in credential theft from environment variables.

References

Affected packages

GSD / ctx

ctx

Affected ranges

Affected versions

0.*

0.1.2-1
0.1.2-2
0.1.4
0.2
0.2.1
0.2.2
0.2.2.1
0.2.3
0.2.4
0.2.5
0.2.6