--- GSD JSON ---
{
"vendor_name": "PyPi Humanqueenn",
"product_name": "PyPi Humanqueenn",
"product_version": "all",
"vulnerability_type": "Malicious code",
"affected_component": "malicious code",
"attack_vector": "typosquatting",
"impact": "Discord token and leveldb file stealer",
"credit": "",
"references": [
"https://blog.sonatype.com/malicious-roblox-cookie-and-discord-token-stealers-hit-pypi-repository",
"https://pepy.tech/project/humanqueenn"
],
"reporter": "kurtseifried",
"reporter_id": 582211,
"notes": "If you have downloaded or used the PyPi Humanqueenn package you should rotate all Discord tokens and credentials immediately.",
"description": "In the PyPi Easyfuncsys package there is malicious code that appears to be stealing Discord tokens allowing it to access Discord as that user, additionally it appears to be stealing leveldb files."
}
--- GSD JSON ---
/cc @kurtseifried