{"id":"MAL-2022-7425","summary":"Malicious code in pyg-utils (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ghsa-malware (d88aee4a8e480e3f09eb95c41c77cb679c144faacd48d7829c401276d21a8f38)\nSecurity researchers at Check Point Research discovered a malicious package called `pyg-utils`. PyPI has since removed `pyg-utils`.\n","aliases":["GHSA-p8ph-q2m4-p5wv"],"modified":"2023-11-08T04:21:33.404513Z","published":"2022-08-30T19:37:15Z","database_specific":{"malicious-packages-origins":[{"source":"ghsa-malware","ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"import_time":"2023-07-30T21:58:19.921563832Z","sha256":"d88aee4a8e480e3f09eb95c41c77cb679c144faacd48d7829c401276d21a8f38","id":"GHSA-p8ph-q2m4-p5wv","modified_time":"2022-08-30T19:37:16Z"}]},"references":[{"type":"WEB","url":"https://pypi.org/project/pyg-utils/"},{"type":"WEB","url":"https://research.checkpoint.com/2022/cloudguard-spectral-detects-several-malicious-packages-on-pypi-the-official-software-repository-for-python-developers/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-p8ph-q2m4-p5wv"}],"affected":[{"package":{"name":"pyg-utils","ecosystem":"PyPI","purl":"pkg:pypi/pyg-utils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pyg-utils/MAL-2022-7425.json","cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}]}}],"schema_version":"1.7.3"}