9 matches found
Malicious code in extrazip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f58777710463b043a0724ad1d7999807501b56667a10eced314fd036e9303fdf During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...
CVE-2022-42038
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
MAL-2023-2147 Malicious code in reequests-toolbelt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4d67c2605086238989409582ef2f1e581d997002a73efbd49be89b6d88bc8825 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1673 Malicious code in cclick (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx cf2cf8681fdee6e583798ee2260d2dc71c85de9ca143e8de66530a6c98f14f4d Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-1831 Malicious code in ffreqtrade (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx bf7a4b9e4df05f2afe50991d0b64e59312ddc06d1d8af631cedcbb4a0ed0d991 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
PYSEC-2022-43040
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
CVE-2022-40426
The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...
CVE-2022-38887
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0...
Code injection
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...