MAL-2026-3413

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/django-b64-img/MAL-2026-3413.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-3413
Published
2026-05-10T20:29:46Z
Modified
2026-05-10T21:32:20.919459Z
Summary
Malicious code in django-b64-img (PyPI)
Details

Source: kam193 (f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e)

The package provides a special image-storing field for Django REST Framework, based on a legitimate implementation from the Hipo/drf-extra-fields repository. The malicious modification appends the cloud credentials and the full settings values to the serialized form of specific image types. This way, an attacker can retrieve the sensitive values by downloading the image back once it has been uploaded.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-old-django-b64-img

Reasons (based on the campaign):

  • exfiltration-credentials

  • obfuscation

  • backdoor

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "pypi/2026-05-old-django-b64-img/django-b64-img",
            "sha256": "f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e",
            "import_time": "2026-05-10T21:20:42.442704837Z",
            "source": "kam193",
            "modified_time": "2026-05-10T20:29:46.824334Z",
            "versions": [
                "1.1"
            ]
        }
    ]
}

Affected packages

PyPI / django-b64-img

Package: django-b64-img
Affected ranges: 1.*
Affected versions: 1.1

Database specific

source: "https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/django-b64-img/MAL-2026-3413.json"