{"id":"MAL-2023-1381","summary":"Malicious code in numpy-req (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b444962332036ed34a6122ae3f4595e0b05e8a2d1391aa9f7a1b06b9ab639114)\nThe OpenSSF Package Analysis project identified 'numpy-req' @ 12.17.3 (pypi) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n","modified":"2023-06-03T16:56:19Z","published":"2023-06-03T16:56:19Z","database_specific":{"malicious-packages-origins":[{"import_time":"2023-08-10T06:17:20.556082854Z","source":"ossf-package-analysis","versions":["12.17.3"],"sha256":"b444962332036ed34a6122ae3f4595e0b05e8a2d1391aa9f7a1b06b9ab639114","modified_time":"2023-06-03T16:56:19.025954892Z"}]},"affected":[{"package":{"name":"numpy-req","ecosystem":"PyPI","purl":"pkg:pypi/numpy-req"},"versions":["12.17.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/numpy-req/MAL-2023-1381.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}