GHSA-cv6j-9835-p7fh, CVE-2022-38792
pypi/exotel
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.
Version 0.1.6
Unfortunately, there is no solution available yet.
2022-09-22
source |