Analysis

pypa · Dec 10, 2024 · d8d8741 · d8d8741
1 parent 73130eb
commit d8d8741
Showing 1 changed file with 24 additions and 22 deletions.
diff --git a/vulns/ultralytics/PYSEC-0000-ultralytics.yaml b/vulns/ultralytics/PYSEC-0000-ultralytics.yaml
@@ -1,5 +1,4 @@
 id: PYSEC-0000-ultralytics.yaml
-modified: 2024-12-10T16:51:23Z
 summary: A number of releases of ultralytics contained malicious crypto miner software.
 details: |
   Ultralytics has identified a supply chain attack
@@ -9,28 +8,9 @@ details: |
   when instantiating YOLO models.
   This code was injected into the PyPI release artifacts and was not present
   in the public GitHub repository.
-affected:
-- package:
-    ecosystem: PyPI
-    name: ultralytics
-    purl: pkg:pypi/ultralytics
-  versions:
-  - "8.3.41"
-  - "8.3.42"
-  - "8.3.45"
-  - "8.3.46"
-  ranges:
-  - type: ECOSYSTEM
-    events:
-      - introduced: "8.3.41"
-      - fixed: "8.3.47"
-severity:
-  - type: CVSS_V3
-    score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
-  - type: CVSS_V4
-    score: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
+modified: '2024-12-10T19:20:27.097505Z'
 related:
-  - GHSA-7x29-qqmq-v6qc
+- GHSA-7x29-qqmq-v6qc
 references:
 - type: EVIDENCE
   url: https://inspector.pypi.io/project/ultralytics/8.3.41/packages/d0/99/13d92174aa6a470d348a95e31164769f2cdf77838ea3c3e3fd476285777d/ultralytics-8.3.41-py3-none-any.whl/ultralytics/utils/downloads.py#line.284
@@ -46,3 +26,25 @@ references:
   url: https://github.com/ultralytics/ultralytics/releases/tag/v8.3.48
 - type: ARTICLE
   url: https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
+affected:
+- package:
+    name: ultralytics
+    ecosystem: PyPI
+    purl: pkg:pypi/ultralytics
+  ranges:
+  - type: ECOSYSTEM
+    events:
+    - introduced: 8.3.41
+    - fixed: 8.3.47
+  versions:
+  - 8.3.41
+  - 8.3.42
+  - 8.3.45
+  - 8.3.46
+  - 8.3.43
+  - 8.3.44
+severity:
+- type: CVSS_V3
+  score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
+- type: CVSS_V4
+  score: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N