{"id":"MAL-2023-1389","summary":"Malicious code in pygame-install (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (93390eea0977ef15ff0c7413e64df5bd99497ea76e9238097ee0b6f4b9862fdd)\nThe OpenSSF Package Analysis project identified 'pygame-install' @ 17.14.20 (pypi) as malicious.\n\nIt is considered malicious because:\n- The package communicates with a domain associated with malicious activity.\n","modified":"2023-05-20T14:05:55Z","published":"2023-05-20T14:05:55Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","modified_time":"2023-05-20T14:05:55.736996237Z","sha256":"93390eea0977ef15ff0c7413e64df5bd99497ea76e9238097ee0b6f4b9862fdd","versions":["17.14.20"],"import_time":"2023-08-10T06:17:12.48615326Z"}]},"affected":[{"package":{"name":"pygame-install","ecosystem":"PyPI","purl":"pkg:pypi/pygame-install"},"versions":["17.14.20"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pygame-install/MAL-2023-1389.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}