CVE-2022-2054: 
Python vulnerability analysis and mitigation

Code Injection vulnerability (CVE-2022-2054) was discovered in the GitHub repository nuitka/nuitka affecting versions prior to 0.9. The vulnerability was initially reported and tracked in June 2022, with the CVE being assigned by Protect AI (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-94 (Improper Control of Generation of Code - Code Injection). The vulnerability was initially reported as a Command Injection issue but was later reclassified as a Code Injection vulnerability during the analysis process (NVD).

The vulnerability could potentially allow an attacker to execute arbitrary code with high impacts on confidentiality, integrity, and availability of the affected system. The CVSS scoring indicates high potential impact across all three security metrics (Confidentiality, Integrity, and Availability) (NVD).

The vulnerability has been fixed in version 0.9 of nuitka. Users are advised to upgrade to this version or later to mitigate the risk. A patch was provided through a commit that replaces the use of 'eval' with 'ast.literal_eval' for safer code execution (GitHub Patch).