2 matches found
Malicious code in proxy-check-i (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...
GHSA-WJJV-3MJ2-39HF AgenticMail API/storage and outbound relay hardening fixes
The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...