
Cloud Vulnerability DB
A community-led vulnerabilities database
The pyanxdns package version 0.2 on PyPI was identified as carrying a code execution backdoor (CVE-2022-30882). The vulnerability was discovered in May 2022 and allows remote arbitrary code execution when the affected version is installed. The issue stems from the package declaring a malicious dependency named 'request' (without the trailing 's'), a lookalike of the legitimate 'requests' Python module (BleepingComputer).
The vulnerability exists in version 0.2 of the pyanxdns package and received a CVSS v3.1 base score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue occurs during package installation when the malicious 'request' dependency is automatically installed alongside the main package (NVD).
When exploited, the vulnerability allows attackers to execute arbitrary code remotely on the affected system. The malicious 'request' package contains a backdoor that can steal cookies and personal information from web browsers including Chrome, Firefox, Yandex, and Brave. Additionally, it attempts to steal login credentials stored in web browsers, which could lead to further supply-chain attacks (BleepingComputer).
The recommended mitigation is to avoid using version 0.2 of the pyanxdns package. The package maintainer has since uploaded a new version and deleted the vulnerable version from PyPI. Users should ensure they are using the latest version of the package and verify that their dependencies are resolved from trusted repositories (BleepingComputer).
The package maintainer, Marky Egebäck, confirmed that the inclusion of the malicious dependency was due to a typographical error in the setup.py file rather than an account compromise. The issue was discovered by GitHub user duxinglin1, who reported it through the project's issue tracker (BleepingComputer).
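The root cause described above is a one-character typo in a setup.py dependency list that resolved to a lookalike package. The following is an added example, not code from the Wiz database or from the pyanxdns project, of the kind of pre-install check a team can run over a setup.py to catch such near-misses: it extracts the install_requires list with the ast module, normalises names per PEP 503, and flags any name within one edit of a well-known package. The setup.py text and the allowlist of well-known names are constructed for illustration; a real deployment would use a curated list of popular PyPI projects.

```python
"""Flag dependency names in a setup.py that are one edit away from a well-known package.

Added example, not part of the advisory or the pyanxdns project. The allowlist
and the sample setup.py below are constructed for illustration.
"""
import ast
import re

# Constructed allowlist of well-known package names (already PEP 503 normalised).
KNOWN_PACKAGES = {"requests", "urllib3", "numpy", "pandas", "setuptools", "cryptography"}

# Matches the project-name portion of a PEP 508 requirement string such as
# "requests>=2.0", "request", or "numpy[extra]==1.2".
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def install_requires_from_setup(source):
    """Return the string literals listed in install_requires of a setup() call, or [] if none."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func_name = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
        if func_name != "setup":
            continue
        for kw in node.keywords:
            if kw.arg == "install_requires" and isinstance(kw.value, (ast.List, ast.Tuple)):
                return [
                    elt.value
                    for elt in kw.value.elts
                    if isinstance(elt, ast.Constant) and isinstance(elt.value, str)
                ]
    return []


def find_lookalikes(requirements, known=KNOWN_PACKAGES, max_distance=1):
    """Return [(declared_name, known_name)] for names close to, but not equal to, a known package.

    Exact (normalised) matches are trusted; only near-misses are reported.
    """
    hits = []
    for req in requirements:
        match = _NAME_RE.match(req)
        if not match:
            continue
        name = normalize(match.group(1))
        if name in known:
            continue
        for candidate in sorted(known):
            if edit_distance(name, candidate) <= max_distance:
                hits.append((name, candidate))
                break
    return hits


# Constructed setup.py modelled on the advisory: 'request' typed instead of 'requests'.
SAMPLE_SETUP_PY = '''
from setuptools import setup

setup(
    name="example-pkg",
    version="0.2",
    install_requires=["request", "urllib3>=1.26"],
)
'''


def check_setup_py(source):
    """Convenience wrapper: parse a setup.py and return the lookalike findings."""
    return find_lookalikes(install_requires_from_setup(source))


if __name__ == "__main__":
    for declared, intended in check_setup_py(SAMPLE_SETUP_PY):
        print(f"suspicious dependency {declared!r}: one edit from known package {intended!r}")
```

Running the script over the constructed setup.py reports 'request' as one edit away from 'requests' while leaving the exact match 'urllib3' alone. The same check can be pointed at a requirements.txt by feeding its lines straight to find_lookalikes; the edit-distance threshold of 1 keeps false positives low but will not catch lookalikes that differ by two or more characters.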
Source: This report was generated using AI