CVE-2022-30877

Improper Control of Generation of Code ('Code Injection') in pypi/keep

Identifiers

CVE-2022-30877

Package Slug

pypi/keep

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.

Affected Versions

Version 1.2

Solution

Upgrade to version 1.3 or above.

Last Modified

2022-06-17

source