{"id":"PYSEC-2025-3","summary":"When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.","details":"Published in 2019, the autodzee package is a Python library\nthat bypasses Deezer API restrictions to download music.\nThe package was found to exfiltrate user data to a hardcoded server,\nwhich could be used for malicious purposes.\n","modified":"2025-02-26T20:54:20Z","published":"2025-02-26T21:31:12.021014Z","references":[{"type":"EVIDENCE","url":"https://inspector.pypi.io/project/autodzee/2.9/packages/a1/3b/c074ea2a71dd48c260b7437dbb595911216e5daf2e47d5a6698c5681d94d/autodzee-2.9-py3-none-any.whl/dzee_helper.py#line.42"}],"affected":[{"package":{"name":"autodzee","ecosystem":"PyPI","purl":"pkg:pypi/autodzee"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/autodzee/PYSEC-2025-3.yaml"}}],"schema_version":"1.7.3","credits":[{"name":"Mike Fiedler","type":"COORDINATOR"}]}