CloudSecurityAlliance / gsd-database

Global Security Database
https://gsd.id
Creative Commons Zero v1.0 Universal

[GSD-2022-1000075] GSD Request #2237

Closed GSD-automation closed 2 years ago

GSD-automation commented 2 years ago
--- GSD JSON ---
{
  "vendor_name": "PyPi Humanqueenn",
  "product_name": "PyPi Humanqueenn",
  "product_version": "all",
  "vulnerability_type": "Malicious code",
  "affected_component": "malicious code",
  "attack_vector": "typosquatting",
  "impact": "Discord token and leveldb file stealer",
  "credit": "",
  "references": [
    "https://blog.sonatype.com/malicious-roblox-cookie-and-discord-token-stealers-hit-pypi-repository",
    "https://pepy.tech/project/humanqueenn"
  ],
  "reporter": "kurtseifried",
  "reporter_id": 582211,
  "notes": "If you have downloaded or used the PyPi Humanqueenn package you should rotate all Discord tokens and credentials immediately.",
  "description": "In the PyPi Easyfuncsys package there is malicious code that appears to be stealing Discord tokens allowing it to access Discord as that user, additionally it appears to be stealing leveldb files."
}
--- GSD JSON ---

/cc @kurtseifried

GSD-automation commented 2 years ago

This issue has been assigned GSD-2022-1000075