GHSA-2r6g-7r83-jg72

Suggest an improvement
Source
https://github.com/advisories/GHSA-2r6g-7r83-jg72
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-2r6g-7r83-jg72/GHSA-2r6g-7r83-jg72.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2r6g-7r83-jg72
Published
2024-08-30T23:37:36Z
Modified
2024-08-30T23:37:36Z
Summary
`spam` project on PyPI compromised, malicious releases made
Details

The spam project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time

Database specific 
{
    "cwe_ids": [],
    "nvd_published_at": null,
    "github_reviewed_at": "2024-08-30T23:37:36Z",
    "github_reviewed": true,
    "severity": "HIGH"
}
References

Affected packages

PyPI / spam

Package

Name
spam
View open source insights on deps.dev
Purl
pkg:pypi/spam

Affected ranges

Affected versions

2.*

2.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-2r6g-7r83-jg72/GHSA-2r6g-7r83-jg72.json"

PyPI / spam

Package

Name
spam
View open source insights on deps.dev
Purl
pkg:pypi/spam

Affected ranges

Affected versions

4.*

4.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-2r6g-7r83-jg72/GHSA-2r6g-7r83-jg72.json"