Vulnerabilities > CVE-2022-30877 - Unspecified vulnerability in Keep Project Keep 1.2

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

keep-project

critical

NVD

Published: 2022-06-08

Updated: 2023-08-08

Summary

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.

Vulnerable Configurations

Part	Description	Count
Application	Keep_Project Keep Project Keep 1.2	1

References

https://github.com/OrkoHunter/keep/issues/85
https://pypi.org/project/keep
http://pypi.doubanio.com/simple/request