MAL-2023-1412

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spamsynonym/MAL-2023-1412.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2023-1412
Published
2023-05-10T11:43:49Z
Modified
2024-06-28T02:53:20Z
Summary
Malicious code in spamsynonym (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce)

The OpenSSF Package Analysis project identified 'spamsynonym' @ 1.1.1 (pypi) as malicious.

It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce",
            "modified_time": "2023-05-10T11:44:48.915196661Z",
            "import_time": "2023-08-10T06:16:59.753040715Z",
            "versions": [
                "1.1.1"
            ],
            "source": "ossf-package-analysis"
        },
        {
            "sha256": "bf14d84887774e0581d5695312e48271a7c575f73bab7bcfa180fd452304d6b8",
            "modified_time": "2023-05-10T11:43:49.241666354Z",
            "import_time": "2023-08-10T06:16:59.484145793Z",
            "versions": [
                "1.0.0"
            ],
            "source": "ossf-package-analysis"
        },
        {
            "id": "RLMA-2024-04831",
            "sha256": "91489cc9401e52668e5400fc7200e085b9489d5bdd81db8d8db2d2cb2b3ca426",
            "modified_time": "2024-06-25T13:42:44Z",
            "import_time": "2024-06-28T02:50:47.599126276Z",
            "versions": [
                "1.1.1",
                "1.0.0"
            ],
            "source": "reversing-labs"
        }
    ]
}
References
Credits

Affected packages

PyPI / spamsynonym

Package

Name
spamsynonym
View open source insights on deps.dev
Purl
pkg:pypi/spamsynonym

Affected ranges

Affected versions

1.*

1.0.0
1.1.1