CVE-2022-42038
Description
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Version 0.1.0 of the d8s-ip-addresses package on PyPI contains a code-execution backdoor via its democritus-csv dependency.
Vulnerability
The d8s-ip-addresses package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0 [1].
Exploitation
An attacker can upload a malicious democritus-csv package to PyPI. When a user installs d8s-ip-addresses==0.1.0, the democritus-csv package will be installed as a dependency and its arbitrary malicious code will execute [1].
Impact
Successful exploitation allows the attacker to achieve arbitrary code execution on the user's system with the privileges of the user installing the package [1].
Mitigation
The project maintainers suggest removing version 0.1.0 from PyPI [1]. As of the publication date, no fixed version has been released. Users should avoid using version 0.1.0 and consider alternative packages or pinning a known-safe version if available.
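One way to check an environment for the package version and dependency named in this record, as an added example that is not part of the CVE record or the project's own code. The function names (`canon`, `req_name`, `audit`, `installed`) are hypothetical, chosen for illustration:

```python
import re
from importlib import metadata

# Package, version and dependency names are taken from the CVE record.
AFFECTED = ("d8s-ip-addresses", "0.1.0")
BACKDOOR_DEP = "democritus-csv"

def canon(name):
    """PEP 503 normalisation, so d8s_ip_addresses matches d8s-ip-addresses."""
    return re.sub(r"[-_.]+", "-", name).lower()

def req_name(requirement):
    """Project name from a requirement string such as 'pkg (>=1.0) ; extra'."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", requirement)
    return canon(m.group(1)) if m else ""

def audit(dists):
    """dists: iterable of (name, version, [requirement strings]).
    Returns a sorted list of (name, version, reason) findings."""
    findings = set()
    for name, version, requires in dists:
        n = canon(name)
        if (n, version) == AFFECTED:
            findings.add((n, version, "affected version"))
        if n == BACKDOOR_DEP:
            findings.add((n, version, "backdoor package installed"))
        if any(req_name(r) == BACKDOOR_DEP for r in requires or []):
            findings.add((n, version, "declares backdoor dependency"))
    return sorted(findings)

def installed():
    """Yield (name, version, requires) for every installed distribution."""
    for d in metadata.distributions():
        name = d.metadata["Name"]
        if name:
            yield name, d.version, d.requires or []

if __name__ == "__main__":
    # Audit the interpreter this script runs under; no output means no match.
    for name, version, reason in audit(installed()):
        print(f"{name}=={version}: {reason}")
```

Run it with the interpreter of each virtual environment to be checked, since `importlib.metadata` only sees the distributions on that interpreter's path.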
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Python/d8s-ip-addresses
- Range: =0.1.0
Patches
No patches discovered yet.
References