PYSEC-2025-5

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/browsercmdhbt2/PYSEC-2025-5.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-5
Published
2025-02-26T21:31:15.309434Z
Modified
2025-02-26T20:57:11Z
Summary
Exfiltrates user cookies to hardcoded server endpoint during normal operations
Details

Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes.

References
Credits
    • Mike Fiedler - COORDINATOR

Affected packages

PyPI / browsercmdhbt2

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/browsercmdhbt2/PYSEC-2025-5.yaml"