{"id":"GSD-2022-1002522","summary":"backdoor in phpass version 0.3.x-dev, 0.3.x","details":"In PHP phpass version 0.3.x-dev, 0.3.x a backdoor exists in the phpass package that can be attacked via malicious package update resulting in credential theft","modified":"2023-03-14T07:01:09.291903Z","published":"2022-05-24T17:10:11.663637Z","withdrawn":"2023-03-14T07:01:09.291903Z","references":[{"type":"WEB","url":"https://sockpuppets.medium.com/how-i-hacked-ctx-and-phpass-modules-656638c6ec5e"},{"type":"WEB","url":"https://isc.sans.edu/diary/28678"},{"type":"WEB","url":"https://github.com/github/advisory-database/issues/325"},{"type":"WEB","url":"https://status.python.org/incidents/s8vm6pwr46c2"},{"type":"WEB","url":"https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk"}],"schema_version":"1.7.3"}