MAL-2022-7425

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pyg-utils/MAL-2022-7425.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2022-7425
Aliases
  • GHSA-p8ph-q2m4-p5wv
Published
2022-08-30T19:37:15Z
Modified
2023-11-08T04:21:33.404513Z
Summary
Malicious code in pyg-utils (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: ghsa-malware (d88aee4a8e480e3f09eb95c41c77cb679c144faacd48d7829c401276d21a8f38)

Security researchers at Check Point Research discovered a malicious package called pyg-utils. PyPI has since removed pyg-utils.

Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2022-08-30T19:37:16Z",
            "import_time": "2023-07-30T21:58:19.921563832Z",
            "id": "GHSA-p8ph-q2m4-p5wv",
            "ranges": [
                {
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ],
                    "type": "ECOSYSTEM"
                }
            ],
            "source": "ghsa-malware",
            "sha256": "d88aee4a8e480e3f09eb95c41c77cb679c144faacd48d7829c401276d21a8f38"
        }
    ]
}
References

Affected packages

PyPI / pyg-utils

Package

Name
pyg-utils
View open source insights on deps.dev
Purl
pkg:pypi/pyg-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Database specific 

{
    "cwes": [
        {
            "description": "The product contains code that appears to be malicious in nature.",
            "cweId": "CWE-506",
            "name": "Embedded Malicious Code"
        }
    ]
}