{"id":"PYSEC-2025-6","summary":"Exfiltrates cookies to hardcoded IP address","details":"Published in 2021, the colabrun package is a Python library\nthat exfiltrates user cookies to a hardcoded IP address.\nThe package was found to exfiltrate user data to a hardcoded server,\nwhich could be used for malicious purposes.\n","modified":"2025-02-26T20:59:48Z","published":"2025-02-26T21:45:57.721824Z","references":[{"type":"EVIDENCE","url":"https://inspector.pypi.io/project/colabrun/0.3/packages/89/28/3a932225fc02f6f6dc39d6232e3937011e11294551a985257c949eb4a7d3/colabrun-0.3.tar.gz/colabrun-0.3/colabrun/common/config.py#line.4"},{"type":"EVIDENCE","url":"https://inspector.pypi.io/project/colabrun/0.3/packages/89/28/3a932225fc02f6f6dc39d6232e3937011e11294551a985257c949eb4a7d3/colabrun-0.3.tar.gz/colabrun-0.3/colabrun/common/utils.py#line.29"}],"affected":[{"package":{"name":"colabrun","ecosystem":"PyPI","purl":"pkg:pypi/colabrun"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/colabrun/PYSEC-2025-6.yaml"}}],"schema_version":"1.7.3","credits":[{"name":"Mike Fiedler","type":"COORDINATOR"}]}