PYSEC-2025-4

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/automslc/PYSEC-2025-4.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-4
Published
2025-02-26T21:31:17.852857Z
Modified
2025-02-26T19:26:49Z
Summary
When used to bypass Deezer API restrictions, the project exfiltrates user data to a hardcoded server.
Details

Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes.

References
Credits
    • Mike Fiedler - COORDINATOR
    • Socket.dev - REPORTER

Affected packages

PyPI / automslc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)