Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nODZqLWh3ZzktNzdxNc4AAwnd
SentinelOne impersonated via PyPI packages
In December 2022, threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) onto PyPI. The SDKs contain fully functional SentinelOne clients, but the packages also contained malicious backdoors that are only executed when called on programmatically, as opposed to during installation. The packages have since been taken down from PyPI.
Permalink: https://github.com/advisories/GHSA-g86j-hwg9-77q5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nODZqLWh3ZzktNzdxNc4AAwnd
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-g86j-hwg9-77q5
References:
- https://pypi.org/project/SentinelOne/
- https://www.reversinglabs.com/blog/sentinelsneak-malicious-pypi-module-poses-as-security-sdk
- https://github.com/advisories/GHSA-g86j-hwg9-77q5
Affected Packages
pypi:Sentinelone
Dependent packages: 0Dependent repositories: 0
Downloads: last month
Affected Version Ranges: = 1.0.0
No known fixed version
All affected versions: 1.0.0
pypi:SentineloneSDK
Dependent packages: 0Dependent repositories: 0
Downloads: last month
Affected Version Ranges: = 1.0.0
No known fixed version
All affected versions: 1.0.0
pypi:sentinelone-sdk
Dependent packages: 0Dependent repositories: 0
Downloads: last month
Affected Version Ranges: >= 6.2.1, <= 6.2.2
No known fixed version
All affected versions: 6.2.1
pypi:SentinelOne
Dependent packages: 0Dependent repositories: 0
Downloads: last month
Affected Version Ranges: >= 1.0.0, <= 1.2.1
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9