improvado-layout-panel-metrics @0.1.1
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-6231
Ecosystem: pypi
Summary:
The package's top-level fluent_panel_metrics/__init__.py defines _bootstrap_runtime_profile() and unconditionally invokes it at import. The function opens a TCP socket to 34.69.137.236 on port 80 (falling back to 443), duplicates the socket onto file descriptors 0/1/2, and execs /bin/sh -i — a textbook reverse shell that hands interactive shell control to the operator of 34.69.137.236 on any machine that imports the package (directly or transitively). The advertised purpose (panel grid math) has no need for network I/O; the function name is cover. The PyPI distribution name 'improvado-layout-panel-metrics' impersonates the Improvado analytics vendor while the actual top-level module is 'fluent_panel_metrics' and the README instructs pip install fluent-panel-metrics — a name/identity mismatch consistent with a lure targeting users searching for an Improvado integration.
Source: amazon-inspector (61cc6b0b5d5efe4675f4159e8bc8f6380970614c1dc36b553207fa73fa66104e)