
1530 matches found

OSSF Malicious Packages
added 2023/02/09 6:48 p.m., 5 views

Malicious code in cryptofeeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 13b429ad70d1963002327ce511d7f329abe9ce3031458f645c0f540d78e511a4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:45 p.m., 4 views

Malicious code in crypptofeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx a7d4c83d8dcd9a01f599042126400f7226278c483b07256dcf12847f889fa471 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:45 p.m., 3 views

Malicious code in crptofeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 793d4363e6ceb58df1dd2d6a6a3bc75200fffa52391745347aac316139cde11c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:42 p.m., 5 views

Malicious code in ffreqtrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx bf7a4b9e4df05f2afe50991d0b64e59312ddc06d1d8af631cedcbb4a0ed0d991 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:42 p.m., 5 views

Malicious code in freqtraed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d3b09b838f7731034ed3cf7888f012a509a01b48dfe6d73216e6dbdc7cebc7a6 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:42 p.m., 5 views

Malicious code in rfeqtrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c92d5b85a3696b3ef33cc5e2ab0d28c83c81ce54a30982c13a0d02b4bde644eb Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:42 p.m., 3 views

Malicious code in freqqtrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 80ae317019207fa63d7913143c4586a3f1e5fc7236d5b15fca01263a281ea0c1 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:42 p.m., 5 views

Malicious code in fretqrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6006c2d8bfe788dd4e9c483d3e8eb3eb6d5521c9197bf9fe463f31e878eb35d7 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:42 p.m., 5 views

Malicious code in freqtraade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8dee746d88c5636acacd53a078f650424bf8658c8bd173ec8a1ed3e3b2aedc28 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:39 p.m., 4 views

Malicious code in reqtrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9eafd0ca4dd4d799f7fc2c72d39f61b3ea59fd355085c35889d3f640f62bb992 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2023/02/09 6:21 p.m., 4 views

Malicious code in cccxt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx bbf77e85143db2624a1691f94e6382f42d72ab92eec168499ba0ac0b1f0081d3 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.7 AI score
Exploits 0, References 1

vulnersOsv
added 2023/02/08 10:17 p.m., 1 view

0lever-utils (>=0.0.2 <=0.0.7), 0x-web3 (=5.0.0a5) +1576 more potentially affected by CVE-2023-0286 via cryptography (>=0.8.1 <=39.0.0)

cryptography PYPI version =0.8.1, =0.0.2, =0.1.0, =0.5.0rc5, =1.0.0, =2.6.3, =1.0.4, =2.8.1, =0.4.0, =2.0.0, =0.1.1, =0.1.15 and more Source cves: CVE-2023-0286 Source advisory: OSV:GHSA-X4QR-2FVF-3MR5...

7.4 CVSS, 7 AI score, 0.59501 EPSS
Exploits 0

vulnersOsv
added 2023/01/29 12:46 p.m., 3 views

aws-syndicate (>=0.9.2 <=1.9.4), bcipy (>=1.1.1 <=1.4.2) +40 more potentially affected by CVE-2023-26112 via configobj (>=5.0.0 <=5.0.8)

configobj PYPI version =5.0.0, =0.9.2, =1.1.1, =0.4.1, =1.0.0, =1.0.0, =1.7.0, =0.0.2, =0.1.5, =0.1.2, =0.0.26, =0.1.0, =2.1.0, =0.1.5, =0.1.14, =2018.4.2.1 and more Source cves: CVE-2023-26112 Source advisory: SNYK:PYTHON-CONFIGOBJ-3252494...

5.9 CVSS, 6.1 AI score, 0.01259 EPSS
Exploits 1

The Hacker News
added 2023/01/17 6:36 a.m., 6 views

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version...

6.5 AI score
Exploits 0

OSV
added 2023/01/13 5:37 p.m., 11 views

MGASA-2023-0001 Updated python-gitpython packages fix security vulnerability

Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

9.8 CVSS, 9.5 AI score, 0.05378 EPSS
Exploits 1, References 4

vulnersOsv
added 2022/12/23 12:30 a.m., 3 views

aap-client-python (>=0.1.1 <=0.1.3), activedirectoryenum (>=0.4.0 <=0.5.0) +537 more potentially affected by CVE-2022-40899 via future (>=0.11.4 <=0.18.2)

future PYPI version =0.11.4, =0.1.1, =0.4.0, =1.3.3, =0.1.0, =1.3.0, =0.5.1, =1.0.0, =0.1.2, =1.0.0, =1.10.0, =0.3.3, =0.8.0 - anomalydetection =0.0.0.dev1 and more Source cves: CVE-2022-40899 Source advisory: OSV:GHSA-V3C5-JQR6-7QM8...

7.5 CVSS, 6.6 AI score, 0.01804 EPSS
Exploits 1

vulnersOsv
added 2022/12/23 12:15 a.m., 4 views

aap-client-python (>=0.1.1 <=0.1.3), activedirectoryenum (>=0.4.0 <=0.5.0) +537 more potentially affected by CVE-2022-40899 via future (>=0.11.4 <=0.18.2)

future PYPI version =0.11.4, =0.1.1, =0.4.0, =1.3.3, =0.1.0, =1.3.0, =0.5.1, =1.0.0, =0.1.2, =1.0.0, =1.10.0, =0.3.3, =0.8.0 - anomalydetection =0.0.0.dev1 and more Source cves: CVE-2022-40899 Source advisory: OSV:PYSEC-2022-42991...

7.5 CVSS, 6.6 AI score, 0.01804 EPSS
Exploits 1

PyPA
added 2022/12/17 12:15 a.m., 5 views

PYSEC-2022-42994

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

7.8 CVSS, 6.8 AI score, 0.0059 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2022/12/17 12:15 a.m., 5 views

PYSEC-2022-42994

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

7.8 CVSS, 5.8 AI score, 0.0059 EPSS
Exploits 0, References 4

CNNVD
added 2022/12/17 12:0 a.m., 5 views

GuardDog path traversal vulnerability

GuardDog is an open source CLI tool from GuardDog that allows the identification of malicious PyPI packages. A security vulnerability exists in GuardDog versions prior to 0.1.5, which stems from vulnerability to relative path traversal attacks when scanning specially crafted native PyPI packages...

7.8 CVSS, 7.7 AI score, 0.0059 EPSS
Exploits 0, References 5