{"id":"MAL-2024-6103","summary":"Malicious code in termcolour (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n","modified":"2025-12-24T10:29:42.949264Z","published":"2024-06-25T13:43:19Z","database_specific":{"malicious-packages-origins":[{"sha256":"77c613c1d7ffe5cbff83deb07456de34588d5fd8e0411d6129e170129fc8a5ed","versions":["3.3.1","3.3.3"],"source":"reversing-labs","id":"RLMA-2024-04906","import_time":"2024-06-28T02:50:56.54786511Z","modified_time":"2024-06-25T13:43:19Z"},{"sha256":"b153d0424e2fd8e0bd965b056e3b6baf311fc91b41c36dff6c850c1eea8f940c","versions":["0.0.1"],"source":"reversing-labs","id":"RLUA-2024-09374","import_time":"2024-10-24T01:00:18.001765952Z","modified_time":"2024-10-16T14:52:27Z"},{"sha256":"f1e187f97ba67a5062023f8c6bfa03716caefaea4bdc18cd35857ba1728e92be","source":"reversing-labs","id":"RLUA-2025-06595","import_time":"2025-12-24T10:07:36.785678293Z","modified_time":"2025-12-23T08:39:54Z"}]},"references":[{"type":"ARTICLE","url":"https://www.reversinglabs.com/blog/package-names-repurposed-to-push-malware-on-pypi"}],"affected":[{"package":{"name":"termcolour","ecosystem":"PyPI","purl":"pkg:pypi/termcolour"},"versions":["3.3.1","3.3.3","0.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/termcolour/MAL-2024-6103.json"}}],"schema_version":"1.7.3","credits":[{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}