django-b64-img @1.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID: MAL-2026-3413
Ecosystem: pypi
Summary
The package provides a special image-storing field for Django REST Framework, based on a legitimate implementation from the Hipo/drf-extra-fields repository. The malicious modification appends cloud credentials and full settings values to the serialized form of specific image types. This way, an attacker can retrieve sensitive values by downloading a previously uploaded image.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-old-django-b64-img
Reasons (based on the campaign):
- exfiltration-credentials
- obfuscation
- backdoor
Source: kam193 (f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e)