{"id":"MAL-2023-8651","summary":"Malicious code in lodestone (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (c5569d9f5d17acc6330446faa4b9f8eff7b389a4cde9698946b8473c5bd8e74e)\nThe OpenSSF Package Analysis project identified 'lodestone' @ 0.0.58 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2023-12-12T00:33:23Z","published":"2023-12-01T21:54:02Z","withdrawn":"2023-12-12T00:33:23Z","database_specific":{"malicious-packages-origins":[{"versions":["0.0.58"],"modified_time":"2023-12-01T21:54:02Z","source":"ossf-package-analysis","import_time":"2023-12-01T22:04:40.499043094Z","sha256":"c5569d9f5d17acc6330446faa4b9f8eff7b389a4cde9698946b8473c5bd8e74e"},{"versions":["0.0.59"],"modified_time":"2023-12-01T22:13:31Z","source":"ossf-package-analysis","import_time":"2023-12-01T22:33:31.663621752Z","sha256":"d8c4bbbf589e29dc93310a7ee2595d0b70eb43c0f8dcc1cf4ef8956a3bb2ea1b"},{"versions":["0.0.62"],"modified_time":"2023-12-02T19:27:00Z","source":"ossf-package-analysis","import_time":"2023-12-02T19:33:21.569397859Z","sha256":"eafafe3b293d1e416cb3dea7e7459abc439e8fc3f8b8b2f17c3760c21cf68451"},{"versions":["0.0.63"],"modified_time":"2023-12-02T21:04:33Z","source":"ossf-package-analysis","import_time":"2023-12-02T21:33:41.910685065Z","sha256":"c3abc2ec101099b77aefe472454218b0a7d41a32b8f99a233224d85128135f5d"}]},"affected":[{"package":{"name":"lodestone","ecosystem":"PyPI","purl":"pkg:pypi/lodestone"},"versions":["0.0.58","0.0.59","0.0.62","0.0.63"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/lodestone/MAL-2023-8651.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}