Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14NnhnLTNmajItNHBxM84AA_D5
`exotel` project on PyPI compromised, malicious release made
The exotel project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time
Permalink: https://github.com/advisories/GHSA-x6xg-3fj2-4pq3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14NnhnLTNmajItNHBxM84AA_D5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-x6xg-3fj2-4pq3
References:
- https://github.com/pypa/advisory-database/tree/main/vulns/exotel/PYSEC-2022-250.yaml
- https://twitter.com/pypi/status/1562442207079976966
- https://github.com/advisories/GHSA-x6xg-3fj2-4pq3
Affected Packages
pypi:exotel
Dependent packages: 1Dependent repositories: 57
Downloads: 9,072 last month
Affected Version Ranges: = 0.1.6
No known fixed version
All affected versions: