Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14bTRyLTVyajktMnBnM84AA_D6
gratient 0.5 contains credential harvesting code
gratient is a user-facing library for generating color gradients of text.
Version 0.5 contained obfuscated, malicious code targeting
Windows platforms, harvesting information and credentials from the
user's system and sending them to a remote server.
Services may include Mullvad VPN and Telegram.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14bTRyLTVyajktMnBnM84AA_D6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-xm4r-5rj9-2pg3
References:
- https://github.com/pypa/advisory-database/tree/main/vulns/gratient/PYSEC-2024-1.yaml
- https://inspector.pypi.io/project/gratient/0.5/packages/c5/c5/353e45fa57fa5f1b2b42fa24a029cdfb018d7263850fb43b6d6352157734/gratient-0.5-py3-none-any.whl/gratient/__init__.py#line.4
- https://pypi.org/project/gratient
- https://github.com/advisories/GHSA-xm4r-5rj9-2pg3
Affected Packages
pypi:gratient
Dependent packages: 0
Dependent repositories: 3
Downloads: 356 last month
Affected Version Ranges: = 0.5
No known fixed version
All affected versions: