364 matches found
MAL-2023-5586 Malicious code in py-randvirtual (PyPI)
Source: checkmarx 26ecdcd0f481504454f1b0a31aabe3c82f02ab346aaf3e68928d7601538abf7b EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5214 Malicious code in py-infopaypal (PyPI)
Source: checkmarx 2a728ecbb6d79d27ba4e88d596cf2668f32b2372525a43d8d8508c76f947913f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfultrapyw (PyPI)
Source: checkmarx 8daba9555fdb54c7b7fded3af4f5aa7590d69ed764c4f078885083e2cdc084e8 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfosintgame (PyPI)
Source: checkmarx 0d184479a795fd63518ad3a2a1f8f5753c90d71332aebfdc1d220eaf84c3824f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in strpull (PyPI)
Source: checkmarx 29ea76364916cb57642686fd8af2655907450cb3cb7102bf14048a825e72df6f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-6813 Malicious code in strgrand (PyPI)
Source: checkmarx a4b40b9603031e60658877c559a4c1d363bdcaa4fe74b5ecf3690279267130a2 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-4795 Malicious code in nvidiapep (PyPI)
Source: checkmarx 8da378cd3fac6979191e232010afc6034959a33da3ad5ca8aac222d60d71a4cd EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5812 Malicious code in pywint (PyPI)
Source: checkmarx 60244f467b54cd58b4ea92ae68470643d2680e41b22a9853531a8c8a9e0fff72 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in ramcontrol (PyPI)
Source: checkmarx d677c89ce6ac3c350190e502e42448cb39cf24bc53736ebb0107f3fa6174139b EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in visacraft (PyPI)
Source: checkmarx 1e617d2eef18ffb90edf647fa39ef7fd338d584d7087126098d1c3b39faea195 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in pywpy (PyPI)
Source: checkmarx 4b515a97de9b02263358313b22241bfee6e523c4bd8d0deb8bb9f3d5c2ecc98a EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in infohttp (PyPI)
Source: checkmarx 4f807b0eb52d14caa4416d401a6f62c95fb520545ddd4c4f79987799f6857955 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in superhttp (PyPI)
Source: checkmarx 4530f70b19e8b2467cb6e378d3b79ac0d896dd937953b4752124cdccd84f657f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in postget (PyPI)
Source: checkmarx de7e1b853978f87531b6eb0dfe9b5e1337999d82badf65433f565377626c7763 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in getvm (PyPI)
Source: checkmarx 1893226af4cb26683b8fcda6c43db839ac1be30accde3a7b0a39841aa80c6396 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in ramram (PyPI)
Source: checkmarx 539b98584e81afaf0e9e93ea0f969b32a16595957127bfbe7f1a8d7b5a422081 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in beauitfulsoup (PyPI)
Source: checkmarx a3aade995adaf254f40c4e6c38179161529ba6b90fc15731e6258a1f5a1ef0a2 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...
CVE-2022-23530
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...