CVE-2022-30885

Description

** Reserved ** The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.

How to fix CVE-2022-30885

To remediate CVE-2022-30885, upgrade the affected package to a fixed version below.

• PyPI/pyesasky—upgrade to 1.4.3 or later

Is CVE-2022-30885 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 1.2.0, < 1.4.3

References (3)

• PATCHpypi.org/project/pyesasky/
• REPORTgithub.com/esdc-esac-esa-int/pyesasky/issues/39
• WEBpypi.doubanio.com/simple/request