cscc-glass-house @1.0.4
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-5096
Ecosystem
pypi
Summary
Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-05-cscc-glass-house Reasons (based on the campaign): - exfiltration-credentials - exfiltration-env-variables - exfiltration-cloud-tokens
Source: kam193 (20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.