CVE-2022-46609 - Vulnerability Details - OpenCVE

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Python3-restfulapi Project	Python3-restfulapi

Configuration 1 [-]

cpe:2.3:a:python3-restfulapi_project:python3-restfulapi:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/herry-zhang/Python3-RESTfulAPI/
https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md
https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

History

Tue, 22 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-14T00:00:00.000Z

Updated: 2025-04-22T15:09:37.563Z

Reserved: 2022-12-05T00:00:00.000Z

Link: CVE-2022-46609

Vulnrichment

Updated: 2024-08-03T14:39:38.419Z

NVD

Status : Modified

Published: 2022-12-14T15:15:10.720

Modified: 2025-04-22T15:16:07.530

Link: CVE-2022-46609

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-46609", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-22T15:09:37.563Z", "dateReserved": "2022-12-05T00:00:00.000Z", "datePublished": "2022-12-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-14T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request/"}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/"}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md"}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:39:38.419Z"}, "title": "CVE Program Container", "references": [{"url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request/", "tags": ["x_transferred"]}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/", "tags": ["x_transferred"]}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md", "tags": ["x_transferred"]}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T15:09:12.883960Z", "id": "CVE-2022-46609", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:09:37.563Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request/", "tags": ["x_transferred"]}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/", "tags": ["x_transferred"]}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md", "tags": ["x_transferred"]}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:39:38.419Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-46609", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-22T15:09:12.883960Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T15:09:33.482Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request/"}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/"}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md"}, {"url": "https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99"}], "descriptions": [{"lang": "en", "value": "Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-14T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-46609", "state": "PUBLISHED", "dateUpdated": "2025-04-22T15:09:37.563Z", "dateReserved": "2022-12-05T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-12-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python3-restfulapi_project:python3-restfulapi:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEC19DF5-94EC-48CC-8C37-A05BD4C237B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges."}, {"lang": "es", "value": "Se descubri\u00f3 que la confirmaci\u00f3n Python3-RESTfulAPI d9907f14e9e25dcdb54f5b22252b0e9452e3970e y e772e0beee284c50946e94c54a1d43071ca78b74 conten\u00edan una puerta trasera de ejecuci\u00f3n de c\u00f3digo a trav\u00e9s del paquete de solicitud. Esta vulnerabilidad permite a los atacantes acceder a informaci\u00f3n confidencial del usuario y claves de moneda digital, as\u00ed como escalar privilegios."}], "id": "CVE-2022-46609", "lastModified": "2025-04-22T15:16:07.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-14T15:15:10.720", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/herry-zhang/Python3-RESTfulAPI/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/herry-zhang/Python3-RESTfulAPI/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://mirrors.neusoft.edu.cn/pypi/web/simple/request/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}