Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00ODZnLTQ3Y2MtOHd4Zs4ABBvl

aiocpa contains credential harvesting code

aiocpa is a user-facing library for generating color gradients of text. Version 0.1.13 introduced obfuscated, malicious code targeting Crypto Pay users, forwarding client credentials to a remote Telegram bot. All versions have been removed from PyPI.

Permalink: https://github.com/advisories/GHSA-486g-47cc-8wxf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00ODZnLTQ3Y2MtOHd4Zs4ABBvl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 15 days ago
Updated: 15 days ago


Identifiers: GHSA-486g-47cc-8wxf
References: Blast Radius: 1.0

Affected Packages

pypi:aiocpa
Dependent packages: 0
Dependent repositories: 0
Downloads: 3,784 last month
Affected Version Ranges: >= 0.1.13, <= 0.1.14
No known fixed version
All affected versions: 0.1.13