MAL-2024-11746

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/voto3/MAL-2024-11746.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-11746
Published
2024-07-26T16:53:30Z
Modified
2026-04-22T23:32:00.784569Z
Summary
Malicious code in voto3 (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (34f516638c010eaffd4b7bf199d71925e9963e438cd619739347a6d0ac4bb6be)

Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: GENERIC-standard-pypi-install-pentest

Reasons (based on the campaign):

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

  • The package overrides the install command in setup.py to execute malicious code during installation.

Database specific 
{
    "malicious-packages-origins": [
        {
            "id": "RLMA-2024-11207",
            "import_time": "2024-12-09T14:38:51.000009435Z",
            "sha256": "c9e1a3c25c8f9475f578e6bafa5f1b1848a72f07650086fc62cd657fe7b198df",
            "source": "reversing-labs",
            "modified_time": "2024-12-09T06:51:28Z",
            "versions": [
                "0.1",
                "0.2",
                "0.3",
                "0.7.0",
                "0.9.0"
            ]
        },
        {
            "id": "pypi/GENERIC-standard-pypi-install-pentest/voto3",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T22:30:56.490762721Z",
            "sha256": "81a68f30b26e8401be12d400e10ce1495f4a80c43b6db5da8c59e2d323e911f1",
            "source": "kam193",
            "modified_time": "2024-07-26T16:53:30Z"
        },
        {
            "id": "pypi/GENERIC-standard-pypi-install-pentest/voto3",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "import_time": "2025-12-02T23:07:19.672572117Z",
            "sha256": "34f516638c010eaffd4b7bf199d71925e9963e438cd619739347a6d0ac4bb6be",
            "source": "kam193",
            "modified_time": "2024-07-26T16:53:30Z"
        },
        {
            "id": "pypi/GENERIC-standard-pypi-install-pentest/voto3",
            "import_time": "2025-12-10T21:38:58.76729944Z",
            "sha256": "3e2fc58543015336c36609305ad1216238773d6533bd689f15c830025b1d3536",
            "source": "kam193",
            "modified_time": "2024-07-26T16:53:30Z",
            "versions": [
                "0.2.0",
                "0.3.0",
                "0.9.0",
                "0.2",
                "0.7.0",
                "0.1",
                "0.3"
            ]
        },
        {
            "id": "pypi/GENERIC-standard-pypi-install-pentest/voto3",
            "import_time": "2025-12-30T22:39:04.365613686Z",
            "sha256": "e300feb7298d224d52a3c1c885ef3f386b7acecaeac3604205d7d877b21179da",
            "source": "kam193",
            "modified_time": "2024-07-26T16:53:30Z",
            "versions": [
                "0.1",
                "0.2.0",
                "0.2",
                "0.3.0",
                "0.3",
                "0.7.0",
                "0.9.0"
            ]
        },
        {
            "id": "RLUA-2026-00895",
            "import_time": "2026-03-19T12:20:41.213154183Z",
            "sha256": "19b45df695c84ac36c978e1b64ebb33af520d2e5c50274ad1e7ecd029c3fe2e9",
            "source": "reversing-labs",
            "modified_time": "2026-03-18T12:20:14Z"
        },
        {
            "id": "pypi/GENERIC-standard-pypi-install-pentest/voto3",
            "import_time": "2026-04-22T21:21:55.652962828Z",
            "sha256": "a4ebfa6a9372c6d9a1760b86d21373cc8aa46c9296072d18abaeeb1df1bcbdee",
            "source": "kam193",
            "modified_time": "2024-07-26T16:53:30Z",
            "versions": [
                "0.1",
                "0.2.0",
                "0.2",
                "0.3",
                "0.3.0",
                "0.7.0",
                "0.9.0"
            ]
        },
        {
            "id": "pypi/GENERIC-standard-pypi-install-pentest/voto3",
            "import_time": "2026-04-22T22:48:22.041006867Z",
            "sha256": "a81ee11c866c958196916b43fb34ae7477affde50e22f5a6e6a24f4beb76d37e",
            "source": "kam193",
            "modified_time": "2024-07-26T16:53:30Z",
            "versions": [
                "0.1",
                "0.2",
                "0.2.0",
                "0.3.0",
                "0.3",
                "0.7.0",
                "0.9.0"
            ]
        },
        {
            "id": "pypi/GENERIC-standard-pypi-install-pentest/voto3",
            "import_time": "2026-04-22T23:22:12.864234006Z",
            "sha256": "41cd87da95a7ff9fe885a37749b315e94a5d40315926df9fd428f2ccce79f5f9",
            "source": "kam193",
            "modified_time": "2024-07-26T16:53:30Z",
            "versions": [
                "0.1",
                "0.2",
                "0.2.0",
                "0.3",
                "0.3.0",
                "0.7.0",
                "0.9.0"
            ]
        }
    ]
}
References
Credits

Affected packages

PyPI / voto3

Package

Name
voto3
View open source insights on deps.dev
Purl
pkg:pypi/voto3

Affected ranges

Affected versions

0.*
0.1
0.2
0.2.0
0.3
0.3.0
0.7.0
0.9.0

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/voto3/MAL-2024-11746.json"