{"id":"PYSEC-2022-43134","details":"The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.","aliases":["CVE-2022-38792","GHSA-cv6j-9835-p7fh"],"modified":"2024-11-25T22:42:25.503499Z","published":"2022-08-27T20:15:00Z","references":[{"type":"WEB","url":"https://github.com/jertel/elastalert2/pull/931"},{"type":"WEB","url":"https://inspector.pypi.io/project/exotel/0.1.6/packages/8b/ed/9ebeb34d4adb9b01151d73ccfde9c1cb2d629c3b146953c8727559a65446/exotel-0.1.6.tar.gz/exotel-0.1.6/setup.py"},{"type":"PACKAGE","url":"https://pypi.org/project/exotel/"},{"type":"REPORT","url":"https://github.com/sarathsp06/exotel-py/issues/10"}],"affected":[{"package":{"name":"exotel","ecosystem":"PyPI","purl":"pkg:pypi/exotel"},"versions":["0.1.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/exotel/PYSEC-2022-43134.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}