Supply-chain threat intelligence

Incident detail

criticalmaven·typosquatting·github

Malicious code in io.github.leetcrunch:scribejava-core (Maven)

io.github.leetcrunch:scribejava-core

Risk score

92

AI summary

Indexed incident for io.github.leetcrunch:scribejava-core (maven).

Description

A malicious Maven Java package a typosquatting a legitimate OAuth Maven
package. The malicious package collects and exfils OAuth credentials on
the 15th day of each month.

Technical details

Indicators

  • ghsa
    95%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents