Snyk has a published code exploit for this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsAvoid using all malicious instances of the Pyobfgood
package.
Pyobfgood is a malicious package. This package contains a script that is activated upon installation which receives and executes code from an external source. This malware, named “BlazeStealer, runs a Discord bot which effectively provides the attacker full control of the target’s system, allowing them to perform a myriad of harmful actions on the victim's machine.
IoC:
- MTE2NTc2MDM5MjY5NDM1NDA2MA.GRSNK7.OHxJIpJoZxopWpF_S3zy5v2g7k2vyiufQ183Lo
- hxxps[:]//transfer[.]sh/get/wDK3Q8WOA9/start[.]py
- hxxps[:]//www[.]nirsoft[.]net/utils/webcamimagesave.zip