GSD-2022-1000074

See a problem?
Please try reporting it to the source first.

Source

https://data.gsd.id/GSD-2022-1000074

Import Source

https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000074.json

JSON Data

https://api.osv.dev/v1/vulns/GSD-2022-1000074

Withdrawn

2023-03-14T07:04:18.327970Z

Published

2022-02-02T18:53:12.653286Z

Modified

2023-03-14T07:04:18.327970Z

Summary

malicious code in PyPi Humanqueen version all

Details

In the PyPi Easyfuncsys package there is malicious code that appears to be stealing Discord tokens allowing it to access Discord as that user, additionally it appears to be stealing leveldb files.

References

https://blog.sonatype.com/malicious-roblox-cookie-and-discord-token-stealers-hit-pypi-repository
https://pepy.tech/project/humanqueen

GSD-2022-1000074

Affected packages