CVE-2022-31313

Description

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.

How to fix CVE-2022-31313

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/api-res-py—no fix listed
• PyPI/api-res-py—no fix listed

Is CVE-2022-31313 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, <= 0.1
• from 0, <= 0.1

CVSS scores

References (8)

• ADVISORYgithub.com/advisories/GHSA-6978-4w92-428p
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-31313
• PATCHgithub.com/rakeshrkz7/as_api_res
• PATCHpypi.org/project/api-res-py/
• WEBpypi.doubanio.com/simple/request