Vulnerabilities > CVE-2022-34065 - Unspecified vulnerability in Rondolu-Yt-Concate Project Rondolu-Yt-Concate 0.1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

rondolu-yt-concate-project

NVD

Published: 2022-06-24

Updated: 2022-07-06

Summary

The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Vulnerable Configurations

Part	Description	Count
Application	Rondolu-Yt-Concate_Project Rondolu YT Concate Project Rondolu YT Concate 0.1.0	1

References

https://pypi.org/project/rondolu-yt-concate/
https://github.com/rondolu/project-yt-concate/issues/1
http://pypi.doubanio.com/simple/request