{"id":"MAL-2025-2345","summary":"Malicious code in mstplotlib (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: oracle-using-macaron (48409bd7f3f22c084f0f0269402f93d8327e3d8d89edf03641e8093e0b22938c)\nThis package is a typosquat of the matplotlib package and executes harmful code during installation. It appears to inject code into Python files (e.g., site.py) on the system.\n","modified":"2025-02-20T06:37:06Z","published":"2025-02-20T06:37:06Z","database_specific":{"malicious-packages-origins":[{"versions":["3.10.2"],"modified_time":"2025-02-20T06:37:06Z","sha256":"48409bd7f3f22c084f0f0269402f93d8327e3d8d89edf03641e8093e0b22938c","source":"oracle-using-macaron","import_time":"2025-02-20T06:37:06Z"}]},"affected":[{"package":{"name":"mstplotlib","ecosystem":"PyPI","purl":"pkg:pypi/mstplotlib"},"versions":["3.10.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mstplotlib/MAL-2025-2345.json"}}],"schema_version":"1.7.3","credits":[{"name":"Oracle using Macaron","contact":["https://github.com/oracle/macaron"],"type":"FINDER"}]}