OSV ID
MAL-2024-12305
Ecosystem
pypi
Summary
Package sends out the data to a hardcoded webhook. However, it's clearly said in the description, thus - not really malicious. --- Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities. Campaign: 2024-09-mennort Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. -
Source: kam193 (a18b704aee3dd3fa8d54027bbe2d6634696fcffaf194410e38fb5318d0d2a534)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.