GHSA-6p2q-8qfq-wq7x: Lunary improper access control vulnerability

GHSA-9jmp-j63g-8x6m: Lunary information disclosure vulnerability

GHSA-w73r-8mm4-cfvf: Lunary Improper Authentication vulnerability

GHSA-v6x6-4v4x-2fx9: Lunary Cross-Site Request Forgery (CSRF) vulnerability

GHSA-g26j-5385-hhw3: LiteLLM Server-Side Request Forgery (SSRF) vulnerability

The `spam` project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time

**\`spam\` project on PyPI compromised, malicious releases made**

High severity GitHub Reviewed Published Aug 30, 2024 to the GitHub Advisory Database • Updated Aug 30, 2024

Headline

GHSA-2r6g-7r83-jg72: `spam` project on PyPI compromised, malicious releases made

ghsa: Latest News