{"id":"MAL-2023-1386","summary":"Malicious code in pandasprox (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (09102fb6db10bc8a136ca7a902415e21c97a31cbf416c904a7efc49a10757320)\nThe OpenSSF Package Analysis project identified 'pandasprox' @ 0.1.9 (pypi) as malicious.\n\nIt is considered malicious because:\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2023-08-10T06:17:50Z","published":"2023-05-17T13:05:34Z","database_specific":{"malicious-packages-origins":[{"import_time":"2023-08-10T06:17:03.892598154Z","source":"ossf-package-analysis","versions":["0.1.9"],"sha256":"09102fb6db10bc8a136ca7a902415e21c97a31cbf416c904a7efc49a10757320","modified_time":"2023-05-17T14:33:55.85186899Z"},{"import_time":"2023-08-10T06:17:03.663004234Z","source":"ossf-package-analysis","versions":["0.1.8"],"sha256":"517ff6909396aac52db13dda18dede377ad26bc8b6520de63d80b8e0e863edce","modified_time":"2023-05-17T13:49:39.096213027Z"},{"import_time":"2023-08-10T06:17:15.357006471Z","source":"ossf-package-analysis","versions":["1.0.1"],"sha256":"56fc103fda48c5dbaf029fee3eabebf7c262c43b198ac895e3c8f53206cd7a7a","modified_time":"2023-05-22T12:35:14.320097539Z"},{"import_time":"2023-08-10T06:17:02.937426882Z","source":"ossf-package-analysis","versions":["0.1.6"],"sha256":"88f8e65efa15f6cd9e70728303511ef6ae134abf9a8525cafcf8a96deaf64ca7","modified_time":"2023-05-17T13:07:38.387410468Z"},{"import_time":"2023-08-10T06:17:02.640399534Z","source":"ossf-package-analysis","versions":["0.1.7"],"sha256":"bafb281b22eb05250a14e7aa19687718b90991a9c0227b2aa3e45512820281f2","modified_time":"2023-05-17T13:05:34.917386156Z"},{"import_time":"2023-08-10T06:17:03.156013791Z","source":"ossf-package-analysis","versions":["0.1.5"],"sha256":"bd45123097829e550ce00486343eb5f309448b2ce2924f66acdf3e84d306e17f","modified_time":"2023-05-17T13:18:42.86498131Z"},{"import_time":"2023-08-10T06:17:03.403884207Z","source":"ossf-package-analysis","versions":["0.1.4"],"sha256":"c78b8551956b18f93116c90c41f64eaee449422c50d9797f1f0e8d88ad2d0d69","modified_time":"2023-05-17T13:34:51.786370141Z"},{"import_time":"2023-08-10T06:17:15.598517477Z","source":"ossf-package-analysis","versions":["1.0.0"],"sha256":"ce2305c61e2ffaa33e2c007f99249dad245932b3862b06bfd12d1ceb306c4d0f","modified_time":"2023-05-22T13:31:53.23150239Z"}]},"affected":[{"package":{"name":"pandasprox","ecosystem":"PyPI","purl":"pkg:pypi/pandasprox"},"versions":["0.1.9","0.1.8","1.0.1","0.1.6","0.1.7","0.1.5","0.1.4","1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pandasprox/MAL-2023-1386.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}