MAL-2024-9217 Malicious code in botframework-webchat-cldr-data-downloader (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 069cec738fcd016cead066052e66581ac130f721c6454d3079b1d054381031e8 Any computer that has this package installed or running...

CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

PYSEC-2022-217

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

Design/Logic Flaw

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

PYSEC-2022-217

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVE-2022-32998

The CVE-2022-32998 entry concerns the cryptoasset-data-downloader package for PyPI, affected versions 1.0.0 through 1.0.1. The root cause is a code execution backdoor introduced via the requests package, enabling an attacker to execute arbitrary code. Reported impact includes access to sensitive ...

CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

cryptoasset-data-downloader 安全漏洞

cryptoasset-data-downloader is a desktop application that downloads historical data on desired crypto assets by connecting to the APIs of several different crypto exchanges. A security vulnerability exists in cryptoasset-data-downloader. An attacker exploited the vulnerability to access sensitive...