GHSA-5grr-72f9-678v

Source

https://github.com/advisories/GHSA-5grr-72f9-678v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-5grr-72f9-678v/GHSA-5grr-72f9-678v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5grr-72f9-678v

Published

2024-07-12T21:01:13Z

Modified

2024-07-12T21:01:13Z

Summary

Malware package cipherbcrypt

Details

Malicious package. Exfiltrated secrets to a target server.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2024-07-12T21:01:13Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "cwe_ids": []
}

References

https://github.com/pypa/advisory-database/commit/f8df7b7d0444991716fb449d55adf50067d0ba38
https://github.com/pypa/advisory-database/tree/main/vulns/cipherbcrypt/PYSEC-2024-55.yaml

Affected packages

PyPI / cipherbcrypt

Package

Name: cipherbcrypt; View open source insights on deps.dev
Purl: pkg:pypi/cipherbcrypt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected