Vulnerability Database
Blog
FAQ
Docs
MAL-2024-8726
See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/invokehttp/MAL-2024-8726.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2024-8726
Published
2024-08-29T08:52:37Z
Modified
2024-08-29T08:52:37Z
Summary
Malicious code in invokehttp (PyPI)
Details
The
init
.py contains a call to execute a Base64-encoded script to download a second stage payload.
References
Credits
Stacklok: trustypkg.dev - FINDER
https://discord.com/invite/RkzVuTp3WK
Affected packages
PyPI
/
invokehttp
Package
Name
invokehttp
View open source insights on deps.dev
Purl
pkg:pypi/invokehttp
Affected ranges
Affected versions
2.*
2.5.5
MAL-2024-8726 - OSV