Homepage
About Snyk

Malicious Package Affecting are package, versions [0,]

Severity

 Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-ARE-2419129
  • published 8 Mar 2022
  • disclosed 8 Mar 2022
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 8 Mar 2022

Malicious CVE NOT AVAILABLE CWE-506 Open this link in a new tab

How to fix?

Avoid using all malicious instances of the are package.

Overview

are is a malicious package. This package uses "typosquatting" to bait unknowing users to install them, this package could be abused to become an entry point for more sophisticated threats, enabling the attacker to execute remote code on the target machine, amass system information, plunder credit card information, and passwords auto-saved in Chrome and Edge browsers, and even steal Discord authentication tokens to impersonate the victim.

References

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
9.6 critical
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Changed
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    Low