{"id":"MAL-2024-1333","summary":"Malicious code in threadxpools (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (41a0be6e9aa8db3965bae9f646d47ad6cb85ac9600c8bd71358409062b8fe105)\nThe OpenSSF Package Analysis project identified 'threadxpools' @ 1.2 (pypi) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2024-05-06T02:38:12Z","published":"2024-05-05T19:10:54Z","database_specific":{"malicious-packages-origins":[{"versions":["1.2"],"sha256":"41a0be6e9aa8db3965bae9f646d47ad6cb85ac9600c8bd71358409062b8fe105","import_time":"2024-05-06T02:37:56.710209536Z","modified_time":"2024-05-05T19:17:29Z","source":"ossf-package-analysis"},{"versions":["1.0"],"sha256":"d1017e118ad5a001211a639263fb872dfa5dde20fcd41e1674155a2d7977fb47","import_time":"2024-05-06T02:37:56.622833878Z","modified_time":"2024-05-05T19:10:54Z","source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"threadxpools","ecosystem":"PyPI","purl":"pkg:pypi/threadxpools"},"versions":["1.2","1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/threadxpools/MAL-2024-1333.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}