{"id":"MAL-2023-1376","summary":"Malicious code in matplotlib-flask (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (15cce6ca7d9ce0af312425dec9ae608529c322b940526b20135cdcd8673ba31c)\nThe OpenSSF Package Analysis project identified 'matplotlib-flask' @ 7.15.10 (pypi) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n","modified":"2023-05-20T14:00:42Z","published":"2023-05-20T14:00:42Z","database_specific":{"malicious-packages-origins":[{"sha256":"15cce6ca7d9ce0af312425dec9ae608529c322b940526b20135cdcd8673ba31c","source":"ossf-package-analysis","modified_time":"2023-05-20T14:00:42.036014098Z","import_time":"2023-08-10T06:17:06.701334973Z","versions":["7.15.10"]}]},"affected":[{"package":{"name":"matplotlib-flask","ecosystem":"PyPI","purl":"pkg:pypi/matplotlib-flask"},"versions":["7.15.10"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/matplotlib-flask/MAL-2023-1376.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}